c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbd

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 03:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
Size

44KB
MD5

2bca05fe80222eb6d689e13e92253940
SHA1

bb843fc8e5813563e7807d96940469d762031a86
SHA256

c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbd
SHA512

bd8dcbbc20ad5d67096c0b76682ce49cbcd3e25021aa9f7550d10d6fabd5305ac386abeeb60546f6cd73362608c42ec758e88d5534008c86e8caba4d1346ba79
SSDEEP

768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKvh/:CTW7JJZENTNyoKIKJ

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (339) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2088-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d000000012251-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/2088-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\ConvertUnpublish.wpl.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe

C:\Users\Admin\AppData\Local\Temp\c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe
"C:\Users\Admin\AppData\Local\Temp\c181148fee48b9babe26ed71afaae08cdad5f022b55d9a32b66ce90f9dda6cbdN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
45KB

MD5
e8455a91da717b8e8b95ec5b971a062e

SHA1
0e8a696de83d36a838066f6c7e6b586e59e9b834

SHA256
f023bfa3e6a13df8362a535af855ac49e451ae79ded0643c23d13b462a2d1371

SHA512
8313b5b0532ea25264615a93f81908d68eaca4b4bd98ffe097c4d956804f3b27bc2dda7244a8327dbb0b234b09fbefae0dd96ca609dd74d02d7afd38fde0635f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
4885cf1f41e5be02d1ec271b3562ba89

SHA1
554746cfa0c2bdf815afb165b518378d1dabb646

SHA256
0dc8b6d2da267426584d2b48ef1a04d57b8f41b201e2d4db9780aa7e642ecbc3

SHA512
f6c88081e705f352c751995616ca8036fe3c24921ff268d55d56fc707a89438c08b2a1b8d24128b205b3070d75f83e57b0ea48f99d1c786b8dc79318cff2c08c

Download Submit
memory/2088-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2088-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download