f14bf034d15e2fff2aaf12508eb4d706e443aee9c5f5d0a364c1c34d281d6b2f

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/09/2024, 12:27 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60e620cbc9b12a71a8a901e788c87010N.exe
Size

55KB
MD5

60e620cbc9b12a71a8a901e788c87010
SHA1

c4c4f1ada61283d3a74dcdb80cf628b13d2a3086
SHA256

f14bf034d15e2fff2aaf12508eb4d706e443aee9c5f5d0a364c1c34d281d6b2f
SHA512

2d409891b36fe503d4dcff567cbca760ea76d3efb9dae8c7b1c3990ba6861453eef573dac6b246b692ce2399af811d70c9052bfa79bfd969009b09b4d90fe4e1
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJZKmF:V7Zf/FAxTWoJJ7TPUN3G

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (323) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/984-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x001500000000f6b0-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/984-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\ConnectStep.emf.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	60e620cbc9b12a71a8a901e788c87010N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	60e620cbc9b12a71a8a901e788c87010N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	60e620cbc9b12a71a8a901e788c87010N.exe

C:\Users\Admin\AppData\Local\Temp\60e620cbc9b12a71a8a901e788c87010N.exe
"C:\Users\Admin\AppData\Local\Temp\60e620cbc9b12a71a8a901e788c87010N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
56KB

MD5
571784602905f25cd28457c1c95ca1d1

SHA1
2641789b898a27d5cc603ea530825ab3f523c9c4

SHA256
f95a868a34eb5424615c3c9237fb0da1a9ad5ada6dea7964928c30df71511010

SHA512
4bc4cd8919bdfe7d2d40c76b25052d0d3bf55587c7cd454420d2014ee7440b142cfbef27316cb75e148b1fb971f024bd09331deac2f50ae8a3ea0ae2d5e3fa37

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
11e57b3f65962f8d27d7bfef737ff0e9

SHA1
263705fc7f6d9ef0bac20c8f22509764c711ec45

SHA256
61d1449c01c680ce50cdc8ae517dbca34e68fcaa9b3471d4527ee6f5849c4a42

SHA512
d3dabbf66521bacd998859bac52d2a29fa603eea246adf1c01ed8d39072639d11a1575a0ae91163efd57312e416fc210cd1f929e0e749f87e2168d2446d5d761

Download Submit
memory/984-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/984-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download