8c88ace5fd39d30dbc0ffd64a37af392fd5fce4c03dcb2feeae94a04a9a54361

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b034e368d7831f0501f70ec25e0b3a0N.exe
Size

46KB
MD5

2b034e368d7831f0501f70ec25e0b3a0
SHA1

84b6b261d9027a22746de25ac9e33f175bc0ee40
SHA256

8c88ace5fd39d30dbc0ffd64a37af392fd5fce4c03dcb2feeae94a04a9a54361
SHA512

44ab12f5c3c502bd39f06a31eee50213bb6cc601aa0fc1a08655d4f744581124fd7b689dfda209bac0feee37b32d3eab8ac5ba2d326e158d4a8f91142276c469
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJBZBZaOAOIB3jM2jMZfL:V7Zf/FAxTWoJJB7LD2I2IZfL

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2773) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3064-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00090000000120f1-2.dat	upx
behavioral1/files/0x0002000000010557-6.dat	upx
behavioral1/memory/3064-160-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CET.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	2b034e368d7831f0501f70ec25e0b3a0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2b034e368d7831f0501f70ec25e0b3a0N.exe

C:\Users\Admin\AppData\Local\Temp\2b034e368d7831f0501f70ec25e0b3a0N.exe
"C:\Users\Admin\AppData\Local\Temp\2b034e368d7831f0501f70ec25e0b3a0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
46KB

MD5
2d0c24bfbb2e82e134e32375d7d372e9

SHA1
0719b0ea156de264270601fbcfb7011b6e16a45c

SHA256
771e07e6cdacd481d2c5031041d44dcec334f9379471a75d78b74e64a1292e23

SHA512
d8e27810f67f58925bddfd6ac405c24ca00b3f9dca9422be2d670c1851b8d2f0c09f52221abdf5a48f4518ddd92ab4762ec8a1f2a8007eba1cfb180ccad5c37d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
cb2dc273ab78e2043d0f4a934ca72800

SHA1
8977d63361ab3cf4256470775d376f0e84a1fd5d

SHA256
0d6a513666771f8a43cc1df828f876d3683e6fe5593c2ba169d161e0f8d40fcf

SHA512
7bc7556a7a2df9365b83bff16790153d021d21d82d6574ae8599cb606731a06d1498d10c6d6e93bed52abaeff259497405b8ee647187c83a5ab7907e8ecc3fc5

Download Submit
memory/3064-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3064-160-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download