d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
Size

57KB
MD5

d009b76851106ef884e8edbda8dc2780
SHA1

c09384b00d200846d72d40cd2885be8a68b9f073
SHA256

d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3
SHA512

593ee90e0791eb68d48cf25e44cbd5302ce20ae8356002653b49e208ed1bbe8d0f0623a6d77a36b0d55d877d91264561c90803f1e68f2980d1554f32a86b7803
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9MEX:V7Zf/FAxTWoJJ7TyEX

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (405) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000012250-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/2120-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveNoise.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe

C:\Users\Admin\AppData\Local\Temp\d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe
"C:\Users\Admin\AppData\Local\Temp\d508c4d98099aeacef301eccd4f51d65f5cbbef63ad9ed4773ec3e0825168eb3N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
57KB

MD5
1086066ca2726c9eb8372233a630bdba

SHA1
18b69c81e296d6574ec6c655ecd470c1e2f1d097

SHA256
831102b793a827398ea712395e0b985d0bdb07c21a96577473f9a5136e18ff51

SHA512
df09a45eee934afc80ba9ca614c38e3975e8c3fa20e7c28dd8ad9212312e6b92ca0dbb5927800767a895958a336875533e5018cff0e7f42fbd0b1cc5cdcd680a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
504135322d756aaa52e8afda6a784233

SHA1
0dcb0ea6e1f7db66a5b691f5f066d3727f85c78f

SHA256
d466ce03d8f7139f85360c6d63f936a592b1671cc6301206d1a1af98ecc375ff

SHA512
a08934d3e470f026fbf8292e8e5a8c25cea361a5c826eb9143bd9beed43748b5dff9f985989f6a8e118b7b8cf7590cff475cb04f07aa8958b6de512595ffa3dd

Download Submit
memory/2120-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2120-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download