95668b1e4ddce8f5703e7f85600ab68a00780e875e66c73bba1b3b3483d30a7c

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

378a82d02ea15f414fa4063fac68e780N.exe
Size

102KB
MD5

378a82d02ea15f414fa4063fac68e780
SHA1

319c42af1b7b41a436fcf2fcd82278e2e46b36f9
SHA256

95668b1e4ddce8f5703e7f85600ab68a00780e875e66c73bba1b3b3483d30a7c
SHA512

b79e88ae4842ffd004baeff2fc3d2d88aaba21fa97efd5bd51c459000b855ac1b955d5ad79c9cb2806432212641c8ed9780ff22590fb71ea2d0d9a3596c3f696
SSDEEP

1536:V7Zf/FAxTWoJJXV6Z5P4xHsthhg/G5ukR+7bHl4vaMPpxIjCTk6G2KZ8qoazwbgi:fny1bHg

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2697) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2436-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012118-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/2436-242-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Los_Angeles.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services_3.4.0.v20140312-2051.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_ja_4.4.0.v20140623020002.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt_0.12.100.v20140530-1436.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5EDT.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Swift_Current.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	378a82d02ea15f414fa4063fac68e780N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	378a82d02ea15f414fa4063fac68e780N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	378a82d02ea15f414fa4063fac68e780N.exe

C:\Users\Admin\AppData\Local\Temp\378a82d02ea15f414fa4063fac68e780N.exe
"C:\Users\Admin\AppData\Local\Temp\378a82d02ea15f414fa4063fac68e780N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
102KB

MD5
b3b1da0655754aa167f0b6ac375ed588

SHA1
1a3bc2df93101cdd8d67df056141dea018e44593

SHA256
80a08f468444abe45da608d773992c1fa0f55db1bd70303445c30c3f39a17e94

SHA512
c6450538db3a459f4f2ec208a72ef004f17e0f173723e78b51f240b3025af7342c69303d9d286e4f54b7dbc44f44a107d06e46ad7e03e2ed831247dcc5dde3a5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
1077eb6fce7c2da676402c3ebf973bed

SHA1
384ba527eab2c7f6c4751c1245a61b460074d181

SHA256
33ea97af44f366673188e015b2f4877a4ca825281e11894680ddbdb18053d8d0

SHA512
e44e7412d4dcc721006581ee16f422d27f0979188a73db044fcd485b006fc1ac667f5f61b93c04515d16278adc58264fb4b53f71d90572ed839de02c8f19f5ef

Download Submit
memory/2436-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2436-242-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download