7f3e30ce66c6c0c7fd8d6ad936f9332ab940f666afae1c1c086d67552afefbd8

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bd485680b4e434d89fa7effe8069a70N.exe
Size

21KB
MD5

8bd485680b4e434d89fa7effe8069a70
SHA1

9dd304844339ad59b6b112cec055e024337217e8
SHA256

7f3e30ce66c6c0c7fd8d6ad936f9332ab940f666afae1c1c086d67552afefbd8
SHA512

8d1bd390dbd1018409f0182d6db68cb7c626cf36b694b91da0414451b8e4815124b6987637a0c1d5de5ae045adf74c00ab5eef9098ca712dc957e452542acdbf
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJcbQbf1Oti1JGBQOOiQJhATm+uA+uU5tlua:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJx

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (323) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2676-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000900000001227c-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2676-22-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	8bd485680b4e434d89fa7effe8069a70N.exe

C:\Users\Admin\AppData\Local\Temp\8bd485680b4e434d89fa7effe8069a70N.exe
"C:\Users\Admin\AppData\Local\Temp\8bd485680b4e434d89fa7effe8069a70N.exe"
1⤵
- Drops file in Program Files directory
PID:2676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
21KB

MD5
513d9080635577fe8e1cb5a44c392e03

SHA1
ea359e48a9458120487a8db844fff823eddbaa64

SHA256
ea03e2f976e96f6432e637997e25599fd336c0e0d0c4ed0832f49613b614d716

SHA512
bced5f2e0608903aab75ccf9446022bae30297f65950024405b39daf7f3c136d35f495d908a1329e6b4b3dd4d97d58d79e36a383b8d73e6ef0b60191edf030fc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
30KB

MD5
2bf29baebfaa872d2789243fc10273ab

SHA1
771d1eb9150629a3a1d55b760df8ff9c24ac570f

SHA256
b0d0d0c901ccfb31e0263934d935640dff0742e71f7b71f4015f411a59957de6

SHA512
85947ef4e9c1d6058d15ca0827a919b120526680a4921a95bfeadf1b6bb99e08d3632933f151aa64e74f1c0d2bfa4e4ae47cc6efb22409f6eb1a70fcd675a0b7

Download Submit
memory/2676-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2676-22-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads