d1a1b608a7ad20614a8b42e42f35604e931a14acf4525c6a8f1d142db3785f07

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/08/2024, 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb606a239dc817ff0adfd5a4bf855d30N.exe
Size

59KB
MD5

eb606a239dc817ff0adfd5a4bf855d30
SHA1

5b9fed481d289662b8243867a14a44e117fae0e3
SHA256

d1a1b608a7ad20614a8b42e42f35604e931a14acf4525c6a8f1d142db3785f07
SHA512

c46c6d3d23f6132a955a75bdd467c844e429d70f13741c58e46b9171b6f0a00f3d52580713f2d7980745fbe602824c3925a95ce6d20fd2c431a86b33f18d7916
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJc:V7Zf/FAxTWoJJZENTNyoKIKM2

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (383) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2296-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0004000000017801-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2296-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\ClearSearch.html.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\EditSplit.pub.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	eb606a239dc817ff0adfd5a4bf855d30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eb606a239dc817ff0adfd5a4bf855d30N.exe

C:\Users\Admin\AppData\Local\Temp\eb606a239dc817ff0adfd5a4bf855d30N.exe
"C:\Users\Admin\AppData\Local\Temp\eb606a239dc817ff0adfd5a4bf855d30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
59KB

MD5
cac2f3841502087e49cddb7d9c8d5bbf

SHA1
8f2bfd792c16618fa6e490308c5b428bc9714c2c

SHA256
0e3fb9895a3ecb1cb3c6fc15f83c734bd6db5429df02f3ed96de093ab252e5cc

SHA512
7942accb33c2d5e14d8d1cad5a4c7c84cd99357fac8a099e9f6a355c846abd185c479e44ba8885cb40ace9d9fe3c6df66b9aeef084d49c2919cfaa766dc6e548

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
af5730e3791554ca87019adc16d3baac

SHA1
fdf0d94f3a5c84c9797e0b833f095730f5100eaa

SHA256
ef6b47f808ff4b78d58d72126eb5cca6f9b00b057f198a9cf0f785cf03ea5d52

SHA512
5e0a1728ad32c0d060a0a6151abf42e586e883311f68eeeacba79cff2e4f961e23d6d9cbb8fe11626c690dd8051a5949bc31b876055b5df1a1c880261e2a4e22

Download Submit
memory/2296-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2296-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download