b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4

Analysis

max time kernel
119s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
Size

157KB
MD5

ce4f2da869e454586dd14313e94ff94d
SHA1

497c88e233c8a4f64e388ebf9005c12885773e4d
SHA256

b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4
SHA512

f06a79124a0e68e9774a1416482e50b90694dc442c2f71733dd73c471b80a448f6729806fde30b66b8c0f840a4c1d27314200706d4b95397a0bfa6b76fd5cdf1
SSDEEP

1536:V7Zf/FAxTWoJJZENTBHfiP3zgn94pWHlPEXZzjUq3th5f6utM5vLNinVmWvMu0bV:fny1tExnQWHIjN3tj6qnv0b2UrXkbvLW

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (240) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001225c-2.dat	upx
behavioral1/files/0x0002000000010420-6.dat	upx
behavioral1/memory/2376-22-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe

C:\Users\Admin\AppData\Local\Temp\b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe
"C:\Users\Admin\AppData\Local\Temp\b25c746c98360331373da9fb9fc830be1a037ba2f6cdccb7b1296ee20e38a6a4.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

Filesize
157KB

MD5
b5e443da4dfb0f6e2b9b1d031c8e160f

SHA1
884a40b9205a255358f1108af2bcc6f416f87d6a

SHA256
db6305bd595f1ecd727720f6eb05979d0dd731f67cb5c3fc5a59d3e570963790

SHA512
c9f35a52c3c08da6809f27226d264adb946aebe6a3534d9acadf62743dd491a7ede44c1c7f824a2a237330c85685afe0378e9eebce9e6bdc073dc44c1ffe1c97

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
166KB

MD5
55f254f20fc0a805356a1051245c1e26

SHA1
51ff4ca09a3907b78c4e534c99a7cce9b782326d

SHA256
1a630ad5f0b419238bbe09c3270d8cb4ac1dba723b699d676875550cb7ece54d

SHA512
c29eb8fe91676bd9dd37322ad7b6d70523666376ef54b039d5390e7e92404be3f1e63580fc000ad95717e62c0aff2cefc40b09e0461df960cda581ced618571e

Download Submit
memory/2376-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2376-22-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download