0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
Size

77KB
MD5

0dc26638c21b42dc6b6bb66964bb6a30
SHA1

962c2ef338157d67d87c65a1d20ff1670ab7c6ff
SHA256

0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0
SHA512

3a463975091b4b6dc59be390627d1b29e4f3e274728abfcbb9042f2ff190babfd08e461d20c45d01b87654a622142138b0abb6b25e638726ef881b5deaa37e06
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rl:V7Zf/FAxTWtnMdyGdy4AnAP4W6t3

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (842) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1948-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000016b9b-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1948-22-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Rio_Gallegos.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\GrantSearch.jpeg.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe

C:\Users\Admin\AppData\Local\Temp\0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe
"C:\Users\Admin\AppData\Local\Temp\0241b43f628ba3b61fec5143648a55420312f8a1553a740853ce89cf4e3201e0.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
78KB

MD5
947742f1cb3b8090208c544a86d1add3

SHA1
daffe3211ad935455a333f28fc8d3a207df9408d

SHA256
e924084465f9347f1924ca17421c2b99a2343609eab7e865767205bd4f5f9933

SHA512
2b95e10c680fcfd46a5bb5c4b7a0c2d5fc5f3cc9d912c34915d8334b5a31f7bf1c5643094ebafb96b54f62db018c42c9c91637f4a84f811c2ddb94ed13d96ced

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
eaaa5a9d2d2d15891e2f79a635337415

SHA1
5744d0fe72660f6cf77c963b4bd31485acc4bf1e

SHA256
fd80fc51588a0bfef42a99adb7a515bb9f7c9bcb3422ba64d97c90c249edc2e2

SHA512
9dbf81f85f8f5fd028dc2d4f3d4245b2edb97d66a1261a786c0d27ba1aa4bc78ca74b5b76bea008be4fce69b91aafbbdb838dbaa2fbb8531e29ce373edd0a22d

Download Submit
memory/1948-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1948-22-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download