5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
Size

100KB
MD5

5134834aafeec02f81139c31c6c37a00
SHA1

d4a0e5d571fb29a5a71e2395c227c9403d624a3f
SHA256

5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574
SHA512

070d9fdbc00c9b2f123709142ffe3c7b4c3c6f9ce326061a09f033e1af33c7a6914ef5edfc02509d9bf4ff490abcf6b291c4fe78dac9fead1062e098b566d84f
SSDEEP

1536:V7Zf/FAxTWoJJ7TuhvWlhe+eztEJeGKc3r+hGjPSrJfDd:fny1av6wxEVryGjuDd

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (326) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012256-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/2368-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe

C:\Users\Admin\AppData\Local\Temp\5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe
"C:\Users\Admin\AppData\Local\Temp\5cc5ee4660114500f96aa468280711aef6e50797f9dda052a0ab2b9edbf94574N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
100KB

MD5
4b28580862c27e7092758b8c683751dc

SHA1
0728304eeaeb0965b93b31a63bec4518fb9cce1d

SHA256
911caf3f77f5a188ce7ae740313cb5fb76a675d41f62fbb259e77a3ab9ece77b

SHA512
43b9c3ee41b91de90a6ceb19a1047c7a382dd37097c6da8993c7621e3c915e26b1583d1ce5f5b0acd44608fafe291fab0ed56643bc00019cd51b51cc01d1cfa1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
c8a905084624138f06c06243e46ced8f

SHA1
491068facdcb4ee297cea42fa8e095f3b4284f2c

SHA256
d5668fde8467b3847b613f38de2eed58ff7a2f340ce7e72de044d57b7a7f2c7e

SHA512
800b41fcedcd1cff582dac324faa78beb05238c6ceb9f42461445ddce19b780a6610d04ef4a07971a4a18746093c9e2c96a29d5dc983a02fb2ee3ad79bd5944a

Download Submit
memory/2368-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2368-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download