8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed

Analysis

max time kernel
150s
max time network
128s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
Size

288KB
MD5

d0857bb79c7f16efd639c9a16e20cdb9
SHA1

53bdd7d92868e56f1b5d1d0ede8995ea8e230172
SHA256

8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed
SHA512

8b22638a62d36539a044844b598d04e66112661982b7dba15a40aa502ccca1b96460ad229e5bf0601bb2f6728fa85c17747ee90e738129de7a5217187f9ce5cc
SSDEEP

6144:KiQSoKWSYeuZGqVxBEOIAtH3D6IsZSY/6Xv5eJHwRUd6:VQtKrYeuVy+NT69SY/6XxeJHIe6

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (235) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1908-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0008000000016d74-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1908-48-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\CompareOpen.i64.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe

C:\Users\Admin\AppData\Local\Temp\8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe
"C:\Users\Admin\AppData\Local\Temp\8c6ee7d113b2e782fb99317062d6f80cda3949709f5fc6a225af031a9db5eaed.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
288KB

MD5
6838ab19a695981d1ba743fc346daec8

SHA1
0bb11096ca52dd5db79b22e644fe74d800a783b6

SHA256
020b779fb943dedda8876f49061641c5207bf99f2cfbbbc6480ed15e32aef2ca

SHA512
395948ccadecf0787cf16371ce0f516c92e76928e1af97c3bb8caf03de39d67984fbfb59bbee99b902f960e7d6a76967a17975fdd03614e44d0eac0cb4c2efc8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
297KB

MD5
104adfa6dffa5dc447a7055e879ced81

SHA1
1b9b42202dab40f8c0edcba5f2091fc779e07f1e

SHA256
da8361b63713cd44edceebca3d28151add8814c57c6b2e8fce089eb9d892ecde

SHA512
8bd9a6bb70116237fdf0c3dead20f5d81b938c23b51a9fff6b73482d9bf297758aa07cb474e0d15f275e84fcbb33be4a23830ee2d546787ea9a9a680c7f5b6f9

Download Submit
memory/1908-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1908-48-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download