a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
Size

92KB
MD5

5dfddc6a4610fd86178c3b199111d232
SHA1

d6e1a213d66f1557f056bd355e158bf66689b0db
SHA256

a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a
SHA512

7c4bedc21f97924c873d47dac53e9b1c294724970204b411573a7129e9bc6da67a06b01322bf0c63a8b87c21a3da6b9324bbc14d3c580304278b262679074c25
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGKbq:fnyiQSohsUsUKCG

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (575) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012233-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/2984-18-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe

C:\Users\Admin\AppData\Local\Temp\a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe
"C:\Users\Admin\AppData\Local\Temp\a7896de3e4fe9a843135677d444a82bbe592d094d4ad2f83da31c2764964623a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
92KB

MD5
01e8514b411856a3d571653e7af52541

SHA1
11019e93b4524853bfb2e99de1e578aa4423762b

SHA256
4521d8ceb23fbc32fafd42458a1a4b623da751b63b5c6e2a12407c5ec15a0064

SHA512
f52c23d07c7c92d7aee83e22d7d2279a8f42c30b82ee31e69e6797d6459bfc777de24b5304df20fd867f10501b6f656b35e819da6b4cf331512e2a51e95c7e66

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
101KB

MD5
561e95bb68e7c1efed549f51ce21624f

SHA1
165b5bba7cf08a8e8d2159887dae27810c25a694

SHA256
934b691a35f72bac942833eeef3057909f7227771b996ec2b3e30565ba51eca4

SHA512
a1da6625f380b6a3ded0499662e9deeb83dc0c67c36e35db3d0bd28aecee4ae225aedf19b807bbbc2d89d063f0259fa2076d22a42f93355f392de77a748686f9

Download Submit
memory/2984-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2984-18-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download