9ad7c2ba6208aaceb177fccedaaf050fba8f3593a603c99cd74cecff538b542a

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6442acd1b6e7948c1d815cbaf884fa30N.exe
Size

56KB
MD5

6442acd1b6e7948c1d815cbaf884fa30
SHA1

3b9071f95703a76a91df17c1ae8721545cb3054b
SHA256

9ad7c2ba6208aaceb177fccedaaf050fba8f3593a603c99cd74cecff538b542a
SHA512

8e63032411cfdbc4b5d109c5ad4fab951e2f36e7be21572e96423124b60f8c651f889cde960a1b3ff0e9a8ac77026a24ffcd64928a1e6c422158c9b554a2c132
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJTU3U2la3F53F5CxHfT1bmRmv6RFW1PF8xA/U:V7Zf/FAxTWoJJTU3URz5Uif

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2840) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012286-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2204-386-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director_2.3.100.v20140224-1921.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\bin\policytool.exe.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_ja_4.4.0.v20140623020002.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	6442acd1b6e7948c1d815cbaf884fa30N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6442acd1b6e7948c1d815cbaf884fa30N.exe

C:\Users\Admin\AppData\Local\Temp\6442acd1b6e7948c1d815cbaf884fa30N.exe
"C:\Users\Admin\AppData\Local\Temp\6442acd1b6e7948c1d815cbaf884fa30N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
56KB

MD5
5e56d8115c4d0caf3e11ebd3defc12e9

SHA1
2107d69248f63547096cbad83c1e5e61c8fc060b

SHA256
da697cae95f9c65c356500f908fd26f893015bb41fc1421ad493f2b82d24d0c4

SHA512
67b08f4f1c073d839dd7034f8790c7906baefea3fd416199ef900f1ce6ad60990108d8e35031cdeaee20e716d65219cf24ad15f6ad3eeed3099f5d3e41fd13bf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
bbb0a637fdfeafa224bae8e21e4692a2

SHA1
6e33a891d4684cdb48eab6031c04696b7fa74600

SHA256
aa0707c77a2900fd0d826364725dc87714423771470265c908f331448d691666

SHA512
24d8efdabe24278f06b8ff2bba04c8839b82d40fd802cdcac65c649c20075e991e7964cfd6740af9d9f922420076887249fc7e00b71bf26adda4b63eb78a80e0

Download Submit
memory/2204-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2204-386-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download