b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 22:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
Size

1.2MB
MD5

58db060ed58630030937ce930515c2f1
SHA1

38e429a8a15f86267b89ed93db96c4ee56cb1252
SHA256

b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8
SHA512

2ed1460c83654c1dba33183188454da12ae3a9b4804a560505a58857abac1337115db18ea94b559006f0e0b30b9568839ac1bdcad8a7e7a9e90232819cdf01f7
SSDEEP

1536:V7Zf/FAxTWoJJ7TTQoQmoNC4CuTW7JJ7TTQoQmoNC4CoYJ:fny1oRlC4CtoRlC4C5

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (333) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001202c-2.dat	upx
behavioral1/files/0x000f000000010617-6.dat	upx
behavioral1/memory/1720-52-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe

C:\Users\Admin\AppData\Local\Temp\b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe
"C:\Users\Admin\AppData\Local\Temp\b328f44d6eb86e6513f238b514392d4d89978bdba22da7f5eff65e0c5eeb74b8.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp

Filesize
1.2MB

MD5
274ac0955eeb7b3f9e573ca91be74ea2

SHA1
f10ff045d6f6c661eef1afbf3323d3d9cf56c375

SHA256
ac476421737fc0a5cddf1bc9d0048305f3182898e36e1dcec1531f0fb1257e57

SHA512
db707966a834f220e4722b9409a911b5e4cd1f8fb37bc69c5965418afbfe22bfa6ead24f7b7c9b0f179ffd2088b19f6bcb654f083afabd357a6a99e2481cd665

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.2MB

MD5
ea8696be12be4eb13b917047c21627b3

SHA1
b06b83c76c2aba1676a07c91eff03c16ae84183a

SHA256
32f59d68459762a23b5136b9729d0341c4fc46cd93f6f691409989b6c045a673

SHA512
9d96fdd3a4be6c2134a10c66cd22da0a95d4cb6b86d742f579d78c7fec5f46427f1b4427a3bd6fb4138ef307319ac2b9844efdead48bc6a0cd137809dc90a4b5

Download Submit
memory/1720-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1720-52-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download