5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4

Analysis

max time kernel
139s
max time network
15s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 22:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
Size

115KB
MD5

38f7aa44f93fd7af05794941ce33802d
SHA1

21a9920b631ea7d8d42b56f00805f3c3351d077f
SHA256

5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4
SHA512

4b3a3dcbcd3b8b5640788aafec774c4be59e53a86ad59cc370341a92d8b6de345fcc0bb4bad6e106388abd54035badfbc6e745bb546abad3f0477556169829c3
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZf2XcqvcY5Y:fnyiQSo7Zf2X3Y

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (471) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2544-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012264-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2544-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\ImportBackup.jpeg.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe

C:\Users\Admin\AppData\Local\Temp\5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe
"C:\Users\Admin\AppData\Local\Temp\5f00cd6943e89bc11206c33508dc97bfa9775a0d5ff6c658b7b082d6815b3ce4.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
116KB

MD5
162c1750da3a89d4947aa4903914f3aa

SHA1
5eba89b2e0d867c818e065fb47e5b7d3f4f032d3

SHA256
fd091d2277cb2f1cfac0380b7bf56501b6429e0fb0e7a264f40bf2d0262a16c5

SHA512
aed72472da85737fa70f1a0c7817d304295a19f2c13bf73f43d8aacb77960fdc5f2e3566c777d9edb0b6152f475797f5685a89a79c14e4a53a449759a125569f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
125KB

MD5
f6cb7b9d55b901d3e866e219218aabd0

SHA1
ebf3c0e6c4fea5740bba13383e78c39940375265

SHA256
702ba46a245269be4e93457453c4c3ccdc526ef08d411d0e2121dff283bd016f

SHA512
cba176960c41e13a220adbda3b8afcf17d532c82de187e1d2f1e36a4063403da98426b6681dde4411bfa46a663abda54ec821e9c4e9d8581f17fc7b4263166c8

Download Submit
memory/2544-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2544-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download