1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ec

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03/10/2024, 03:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
Size

104KB
MD5

d0d1e0e9ec67f3e49ed23941b8bdc980
SHA1

0627f0e3148ac89d9aae19da5927c3161826184c
SHA256

1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ec
SHA512

e407e725b5d4cb214c51aecb11e22cd471cdac5263ef94e11ee3387de4e03d48ba76c1dc91a6536ed62eae67628e53853ff30889e42b54d5321b7772a5fb133b
SSDEEP

1536:V7Zf/FAxTWoJJTU3UytJfOYTW7JJTU3UytJfOh:fny1hf

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (328) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012233-2.dat	upx
behavioral1/files/0x0002000000010480-6.dat	upx
behavioral1/memory/2752-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe

C:\Users\Admin\AppData\Local\Temp\1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe
"C:\Users\Admin\AppData\Local\Temp\1f65de8df7e6694a9e781f3de8bcb04e4b38f413ae7c19343bfe673ba3ee56ecN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

Filesize
104KB

MD5
1f9da829047fbb72439d6d026adc0584

SHA1
75ce968f7a9e7262963dddbdcc273c83f4987b9b

SHA256
abc626857ca839e3f3c5ea9a97abb1cd17f314b7e0be074cc64799cf6f03f1a3

SHA512
4d51d9ff657188f37e29b7a8d987df1bf9fcb1af0b4a5efe5841c7807c2965450cb8d1b5633fe7cf1468280f4f01347a06a0a292ae487ec3a81607f2e149fe00

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
4ffbdf42f1ab328a94ccd2ceb0cfb816

SHA1
3275faa37a2689691a63713233b25e4a0439c732

SHA256
0b9c951cee8c8011029895a79a768420b0da64ff7719e1ff3759f3bee8cc7db8

SHA512
f58665078c76417fcf82950c13d4698d98865b76c3a62ff8725ddbf7a9d9d00bbd1d0d4058251c7fc46e8c644f7d77e53d1d5026fbd3fb997602fc89e366b13c

Download Submit
memory/2752-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2752-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download