d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609

Analysis

max time kernel
60s
max time network
125s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
Size

69KB
MD5

7265a8571623e538563212b06d4aefea
SHA1

c655b97f2461b931b3f4b10421c42fa1749c1ed3
SHA256

d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609
SHA512

4de964d224979ddaf2d6e5d6356ec91133f43902971200461b19d300b399f7e723e4e1567979a41f142b3cf2148a6e926af14b19a6fb51a0bdf2c7296d83ebe6
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxc:fnyiQSoF

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2240-58-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2240-58-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\CloseNew.lock.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe

C:\Users\Admin\AppData\Local\Temp\d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe
"C:\Users\Admin\AppData\Local\Temp\d1757ba7eda0334e7823a9cb8c7b469972978f6db7cc95887b28d8f4ee984609.exe"
1⤵
- Drops file in Program Files directory
PID:2240

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-39690363-730359138-1046745555-1000\desktop.ini.tmp
Filesize
69KB

MD5
7fd1caf84c60d607838bc77a4e12718c

SHA1
f04e3ec70e73f0b1b3a15486c4ba40bd20bf81f4

SHA256
a134943e297b74320df5a278e7eb3b306ebcf27778c2702ca83295471a7b6202

SHA512
7dd22bbf22213086c960abbfe53f0922f3d8b4024ac427bff84f6ed0fc1d88a5012924810033112565c02c30354e2000ea1c6e2dc8ce7f9db68b29480b9c34aa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
78KB

MD5
272369deefb13d8f5e1f636f4320d772

SHA1
680df242de800c086c15cd6bd463abce3cd54a89

SHA256
bbefe7a012e404e003b9a2b445e95729dbc0604f45ece44f5038ee6fbbd57a8b

SHA512
42724ab4ecf9b60db7d4c6806171db2d0dbb22e7b06eec9e686e4742944ca0e44f247f1df73d8b3ac344a3e6c518df0d589bb8bdfe313a36fa8d69552e18a943

Download Submit
memory/2240-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2240-58-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads