6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/11/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
Size

124KB
MD5

537a6a752995846cb063f20bc44bfa09
SHA1

dbfa26e789cb44dd0e9b035accb34c583c93bbdc
SHA256

6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7
SHA512

6e90af2e5dcfc7751e6ca534cc4ae7c0171b93324c130bfb7cb11fbab9c5eb5a13a2e5ca1d6bb38fc46a2c56d76c2adbafa65218ce5cf5102ae4c960b722cdb1
SSDEEP

3072:fny1tEC9iMGfUSaOy9SnJUwFU+FUhFUeFUXFUqyqKRrpF6Pw1:KbEC9iMGsSaOyig

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (306) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1852-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001225c-2.dat	upx
behavioral1/files/0x0002000000010420-6.dat	upx
behavioral1/memory/1852-26-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe

C:\Users\Admin\AppData\Local\Temp\6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe
"C:\Users\Admin\AppData\Local\Temp\6cdeb54dc7b705e34d587827440f73b2f5c6e9b04c642e9857e651bfcf7549b7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

Filesize
124KB

MD5
c721ce79400d20c0bdcf1fa648c678c2

SHA1
f53bae67c183420208d0a6d27e9067e830142809

SHA256
2e09ecc779be6adf17c87c9a80d315a512982b30189c367f9a663c756fa87e9a

SHA512
43e8d2c6e1df71fe4cd9c361b94f74426bf52e93292ef6a8aac8d9886aca1cd387171f9f000e3f19f508acf0e3b0b12dd90632330e3a76728c28fe5a27f89898

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
133KB

MD5
9e8d11e64460c72eb6694981bd65f33a

SHA1
a60574409802fcf23fe168d8645011ffaaaa557a

SHA256
a64d13b80b2277bde98b9b02134dd0c6912fa83324ab45a479b32ab3df9c557c

SHA512
4ee761fb2ff26375cee9924560174408621fd07e57c916845ccbf329972fd9039e146248c879e1ae870d82cf07a2e3562515f588851be7d71f639d87c2cdab6a

Download Submit
memory/1852-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1852-26-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download