e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
26/08/2024, 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
Size

56KB
MD5

3ac8475403bd96bad85ac9f6d40ef24f
SHA1

f6557785c6305e5679d31a82a995b61fcca455ff
SHA256

e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7
SHA512

014f76d1a67228ada2dc9efd37e07239459bf1c1858131ecfdc8586373e79319221f7824b214a8a81bd47731496c98b8fa44d18a18828ff73da8c8c47df09c5b
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9RJD0x1E6:V7Zf/FAxTWoJJ7TtD0/

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (812) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000016d58-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2552-20-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guyana.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\ExportConvertFrom.sys.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe

C:\Users\Admin\AppData\Local\Temp\e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe
"C:\Users\Admin\AppData\Local\Temp\e6d742caae25ae7c6896ea123f80e371a0bc6bed1165fd48775c595313a931c7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
56KB

MD5
cddbb2f2e8a18ba7e8ab6f7d8178491e

SHA1
6264301b1c94bdddca009816c672ca161bbaa52e

SHA256
5f112b8d90746b794a0ddbca311288b6b8ba1dd0112ad9c96037913d5ccc1b1d

SHA512
1a3988d3238722bd8bae5da80972420e530ea81ed137168da0f30e11e70f74881e66e337e218e751ecc4d290c082522c3facf8585a52d8f7d7e1be2de9addc3a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
1344990cb0ec930a56b67bc1caa62372

SHA1
ab2eac58b66d1b134c4f29dd510b2fa981425431

SHA256
2266c41e490cd7f4768d4df6047ab119623cce9f15274bef3d30c71fc7c7b509

SHA512
ec74e88360fcfdc806173965003a9f3cf317619b88094ce35d94568bb8f29dd7a88e33e0abd9f1f784f8b877e366612486bf7c8201cc31e364681b913005921e

Download Submit
memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2552-20-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download