8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
27/07/2024, 00:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
Size

46KB
MD5

3b97c796759fac9dbe7b19611276707d
SHA1

09a9953a52f149c565ada8ec1015500384b4982f
SHA256

8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018
SHA512

28cefc9830e9bc561f313f0b0602526ecc6efa28f2d75a47866976a243ca9595cca33e94ea020ebf4e1c591ff8a5fc3cdec0e3443f7be9b61714f2319ca30c86
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJBZBZaOAOIB3jM2jMO/v:V7Zf/FAxTWoJJB7LD2I2IA

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1640-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d00000001227f-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/1640-162-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\bin\javafx-font.dll.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+5.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClientsideProviders.resources.dll.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\ConvertRemove.TS.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe

C:\Users\Admin\AppData\Local\Temp\8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe
"C:\Users\Admin\AppData\Local\Temp\8fde963fcbc530c73a51e20f91128b7237e44cca3dde1ac20ef0ff67365e9018.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
46KB

MD5
fa318122c1f812b364d6ad725591d026

SHA1
b553a0fd4d0b49763e7596f5b7cad6f89f904282

SHA256
2073a0171c4042c81d4e5ebdbd34bd37258fd4992ff87979c4aa977b978ca5c0

SHA512
f1894e79ad155dd3a3caf37c8a7bf58aab7c66935a88046e976a1710d5db7dfa986d4d264982aad4e7192a70dedd7cf9ffd8d5b37c4762125701af1848c7593f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
949f23508070b12c44d595f17e79211b

SHA1
362280cffec341efb6c6cf517a15e06394dc7b44

SHA256
69429d8873b5f9e12a0ee2c1e1d66cafa9a329498974ed06f14d2c6c7e9a39a5

SHA512
02a5960c7638045123555c1b1c41ad774df19ae38c6121fbd7c883a1d3ac6897c8ed82fb0ffccc3b8cd77a2f5865fb73867d8c64a9e5aa2c5c02f79af987053f

Download Submit
memory/1640-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1640-162-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download