59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
Size

83KB
MD5

a43f6b61103eef3170b80a11bd76b3f0
SHA1

785f5b64da5a8ea56e8d9d1188f4a63b52657de1
SHA256

59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0
SHA512

ad2c67882fd88896c18a10e1228d489eb149c532c8cc51b8acbffa18bfb654f24637e2446e86502e5f07c85b9d85dbf6d022a634608e6d0fa2cb7fa39a7e5c57
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5C:fnyiQSox5C

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (335) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2708-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0008000000012101-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/2708-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe

C:\Users\Admin\AppData\Local\Temp\59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe
"C:\Users\Admin\AppData\Local\Temp\59a16aff8fd7bcf2754486819258fae636589566ba1d727bc3fcc161f9e96af0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
83KB

MD5
c31b51e57c1a5b2606ec80545597db1c

SHA1
efc4cc42d622f91f29c1c1d88b7254d304e24e17

SHA256
923eabef33bcde99426dc9a04aa24154bf161f343a23f87c5f42be5a7a9faf50

SHA512
8b6da786fd7bde9558b334c4e4530e2507d657a77c19f263bfa4bf8fdd409f308f9df690485b6ea0efa704488fc979efee0139ab05d418dd2e630086080fbc86

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
92KB

MD5
f3bd5b0efd634d544da9099ff08d4668

SHA1
2df483df0b0f9c5721ef444a9ddd083cffc7dcf7

SHA256
c9355c20836f34a129aac2d03c6fa5f9e2c2f6ada6a6916d6a0b5e620b958f8b

SHA512
1773ed5887221a47f7000d4c37c7ee388ef24382e0991fe23671b29b4753c7a62356edab82e65398bf4ba2a6006297315e99b1116b262181262060b6c8033d4f

Download Submit
memory/2708-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2708-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download