ff116fbae94c68ae259195e1363a7a7112bb5ee00931c6f33b4e81fb46be1a02

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
28/07/2024, 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e2778ec2fadbdfd007b02b56aa15da0N.exe
Size

43KB
MD5

2e2778ec2fadbdfd007b02b56aa15da0
SHA1

0f89243cec220267ba352aa98d2c7c9167e9086e
SHA256

ff116fbae94c68ae259195e1363a7a7112bb5ee00931c6f33b4e81fb46be1a02
SHA512

8c13f1504a0545968fb3440a37ec649e287d2ceac514dafd817fcf47d01e8386d3aab4c05c68238a2562cb5f41e85567f3a8b40814ad50d61615674965659a24
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBk:V7Zf/FAxTWoJJZENTBk

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1727) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2200-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000012255-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2200-138-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_ja_4.4.0.v20140623020002.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Moscow.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-templates.jar.tmp	2e2778ec2fadbdfd007b02b56aa15da0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e2778ec2fadbdfd007b02b56aa15da0N.exe

C:\Users\Admin\AppData\Local\Temp\2e2778ec2fadbdfd007b02b56aa15da0N.exe
"C:\Users\Admin\AppData\Local\Temp\2e2778ec2fadbdfd007b02b56aa15da0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
44KB

MD5
63b7ef450c744b2d491d119422e85633

SHA1
09b144c901c9de8f96898dfa94c336b14e3cbf80

SHA256
2b7c8ecb4d228faf4a91164200ab676568500421b12eef410234df2c988cd3d7

SHA512
3ce824deafea2ae9273f568d28c24e30158e20c0f8107de02d8755c14baef84b02b32342a23e59f0e0a95d34909ba5153c4d2ddcacff9b20c38d0558f2ae7028

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
315034ecb8b9810a93f97c3f3375c84e

SHA1
46e7ce2bf8ef3cf2d80f4e3454a8278ab039beac

SHA256
67194b52dee62dea5209fa8bab406d8af8919ceba1a52130ec2a85ca57e84f77

SHA512
49fc6ecea8e2b81630914691842bc9c277d5b80cdc28fb0ada29886c4b3f400bb27164784d23051c2a0b02aa496299763f7d70b75e9ec0f4b14c47c2e4255a8f

Download Submit
memory/2200-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2200-138-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download