4814714af2d73bd5f7778b9db5a71705984e904d8d8c53914d84204034cd9e5c

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01-08-2024 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14aed829459d09cb43656c52398007e0N.exe
Size

47KB
MD5

14aed829459d09cb43656c52398007e0
SHA1

e4b7be314bf92c6ef55c9753bf3ab42f49bd6632
SHA256

4814714af2d73bd5f7778b9db5a71705984e904d8d8c53914d84204034cd9e5c
SHA512

2cb27259f561bb07354b46acff35b52602a8edd964d9672d21aa16bcc13271a20dd1292b73910c82276402929b828bc2255c7daa6191c1a4c156ac1c391b5240
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJXGiXZqV92N2X:V7Zf/FAxTWoJJXUVYoX

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (338) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0004000000017801-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1932-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\desktop.ini.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Internet Explorer\en-US\DiagnosticsTap.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	14aed829459d09cb43656c52398007e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	14aed829459d09cb43656c52398007e0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14aed829459d09cb43656c52398007e0N.exe

C:\Users\Admin\AppData\Local\Temp\14aed829459d09cb43656c52398007e0N.exe
"C:\Users\Admin\AppData\Local\Temp\14aed829459d09cb43656c52398007e0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
48KB

MD5
3d3ffa4611f027fd126d65e8d36f33ce

SHA1
5bd67170dd3b03e043c705ebf1a02d738166437e

SHA256
e95fdfceed5f4843e048c00ad763071a044d8eb9a4f2a0a27dc24509577a5fd5

SHA512
920d2cdcf0e2271ec3575a48d6fecc7e7de0a4a612dd6fd40c52fcf1ba39ff64f7b6e71b0302898508fa5029c6e7bac347c3629201170f4b0a8760325870a6a1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
3765a8a2bac3ad998115383df636bb3f

SHA1
cb7dcbf8265c22e19a88424cdeac92f5c228e748

SHA256
61ade8532a77c99bc0326410819b1369f63c6603281c1aa0fa0c43c5a311cbc1

SHA512
0d031572861545131fd5cf1889441b38d042fe5d8567126fed1b1daaaab77bc339d0ba665a49d26ef1de7634377c6002eb856e5cdc52eaae7c3dacbc8ce0ec48

Download Submit
memory/1932-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1932-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download