8c084d95ee734c9ea0f4b3cd628f4b0fb9c9321f0fbb1560a46120ff8111b659

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/07/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45b2f4f78f4218b517124d248e520180N.exe
Size

32KB
MD5

45b2f4f78f4218b517124d248e520180
SHA1

06d815da3915f759e3733a790a8d055694ee0da9
SHA256

8c084d95ee734c9ea0f4b3cd628f4b0fb9c9321f0fbb1560a46120ff8111b659
SHA512

d3427ca9214f06646233c254c7ad4c14d0935c3420b827252c65bb981eaa4480dbf1d785d5198c478d698484f54c2e965977a185cc2492fb3d812f2d1890415b
SSDEEP

768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinv:CTWUnv

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3141) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0008000000012119-2.dat	upx
behavioral1/files/0x0002000000010667-6.dat	upx
behavioral1/memory/2368-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Budapest.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunec.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\La_Rioja.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	45b2f4f78f4218b517124d248e520180N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	45b2f4f78f4218b517124d248e520180N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45b2f4f78f4218b517124d248e520180N.exe

C:\Users\Admin\AppData\Local\Temp\45b2f4f78f4218b517124d248e520180N.exe
"C:\Users\Admin\AppData\Local\Temp\45b2f4f78f4218b517124d248e520180N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp

Filesize
32KB

MD5
e1dd2a6bcd230b564fb65a2dcb28930b

SHA1
f1999751ec31c922d0115e5622fb3d26cd83030c

SHA256
1d3b4ef1fac41ef23ec5f0925de32ccc68e5d3460087007b94418372c45dc2f1

SHA512
1651abf3ebecbfb0ee58a57e35ee357aa17b3b41368d05788046cad89d3317e162c85e6586f1b33941129f3c1df97f522207ad9027d44d7accefa2d5b16c3e0b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
41KB

MD5
748003bf8e2b154290f3cfde88b15590

SHA1
4729521e0eff2ad0a520a05d463558a31f95ce49

SHA256
b24522c1797ad353de14a5c27feaa9f60b9af0db3c37d87f28d031d5ade1dc99

SHA512
2366353a66b2f4434f52ff7ed2c61a5e92484f3f22622bbb686c89c2c8078812f112e50014a560ba28de6afc16b0e4668d4fb4e11c39546693aaaf16fb3c0ac4

Download Submit
memory/2368-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2368-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download