31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
Size

50KB
MD5

bc1168de1f1f89befcc608f29a6b1c20
SHA1

9b940a1ea4f4423a77f4094fc27eb7bcaab4fb26
SHA256

31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8
SHA512

df91bb05cc31ae39f1194137b8ac196ddbd18be2bdaa955f5435f20cab55dd3fc9f133571bfc830d161973f817964eb491ad1568f7790041cde8c91fb72aea98
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9ARFRX:V7Zf/FAxTWoJJ7TC

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (340) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3020-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000012251-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/3020-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\ImportRegister.ram.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe

C:\Users\Admin\AppData\Local\Temp\31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe
"C:\Users\Admin\AppData\Local\Temp\31f394aba7f3b7a210ef6fcfe6dc4a5a8215b63e602f402d220a3768a8d2a3e8N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
50KB

MD5
bba5e99a079aa34e2327a8c099bda0b2

SHA1
e4a8cfff74f9f263c7f2cef129beadb4bcd54b48

SHA256
1f2106e999ee93843fd6f9726e380731ac452a7655f37cbee8e11226aea429fa

SHA512
35427ba806efa54f38562c93ca32abe01ca5565a5edf0a20c300677c2451125a5dba4aee3d411c56862ada215780cb414d9046f4e770c7425d6ff8027dfc01d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
0d7b5747f52a3bd8a3dac075adf93098

SHA1
d24c47b2ed3fbcc2cda68df2c7f89fbb402036d4

SHA256
4c9024997cad9b3b8a6eb799c5da84c837da869481a925536855bfac1c5cbe7b

SHA512
71ab06bc92815c84296254134b0e818011be4f20aed7851637b45d6ebca0661acb09ce2578485a62b1ba3994a7ffff0312b7dce765060c03bd3f82f99735e6d8

Download Submit
memory/3020-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3020-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download