cbec52db28b7fc46b046bef4e6e94488d7889c297639432517c976408cff940b

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80276ca772d47c3e792f06b1b79541f0N.exe
Size

57KB
MD5

80276ca772d47c3e792f06b1b79541f0
SHA1

afcebb86a302361d82e39616bf8da0c9542535a8
SHA256

cbec52db28b7fc46b046bef4e6e94488d7889c297639432517c976408cff940b
SHA512

bcfa925b246e3c48672a04d45ce346cca11aa91f9f243031ae2f2eeaa20b9b618ef768be02af087fb986803d0dbb48e17cea0129bbd8f491c53b2a558e24cccb
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0mdC:V7Zf/FAxTWoJJZENTNyl2Sm0mGnL

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (372) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2468-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000014968-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2468-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\AssertRead.wmf.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	80276ca772d47c3e792f06b1b79541f0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	80276ca772d47c3e792f06b1b79541f0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	80276ca772d47c3e792f06b1b79541f0N.exe

C:\Users\Admin\AppData\Local\Temp\80276ca772d47c3e792f06b1b79541f0N.exe
"C:\Users\Admin\AppData\Local\Temp\80276ca772d47c3e792f06b1b79541f0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
58KB

MD5
70ae6f75637b19667293273e01187f13

SHA1
8ae84f44bd96cefbf112d3a571729cf64d44ac22

SHA256
ea3f365936fc3a6e62bb7c0333548f34f2c24bba381d37383fb16428a1209aff

SHA512
5f090af6a9e814aa607da54e048a30f4af9b5f648cd1b6cfd9c1c97f52d2ccf52b31cbe41cddb756e9a0290e80aea8abe9a46e62497b60e3c2ecfe6546a6ce15

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
3ea187cd8b0d6fbf6dacabdbe82d0b19

SHA1
90e892216db070eed5c13e6d835c3342498bcba9

SHA256
a1e423eeceb1736c178f0d971780d66788bb7261ecd7eb05488ea4b1deec2588

SHA512
f6c7c503aa0bef4003c77e618b53d9b36d5841d5567eb57f0b52622590147289b2b746f35b3d14c3bf98078dd2a74df9466b57b646ad356a8742c75ba743013c

Download Submit
memory/2468-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2468-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download