b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 04:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
Size

33KB
MD5

854fe754268a309ca7172105f30fe192
SHA1

1d8fd6f5cd9eabb4828d4520f35e9ed02cbd9392
SHA256

b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603
SHA512

6921ba0dfee2e1495199cb6fae9aeafd53c16b1870b1dbb5561df7fd2d82252594781f0b91cd3688b6411451b42e75259d33ed1b3f8a991592db593971d3487a
SSDEEP

768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0mdneJEWJEHn:CTW7JJZENTNyl2Sm0mdneJEWJEH

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3952) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2404-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00090000000120f8-2.dat	upx
behavioral1/files/0x0002000000010663-6.dat	upx
behavioral1/memory/2404-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\ENUtxt.pdf.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)greenStateIcon.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_sml.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\settings.html.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\micaut.dll.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Flyout_Thumbnail_Shadow.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libfile_keystore_plugin.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\info.gif.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_settings.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_ja.jar.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\librv32_plugin.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_flyout.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\CANYON.ELM.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png.tmp	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe

C:\Users\Admin\AppData\Local\Temp\b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe
"C:\Users\Admin\AppData\Local\Temp\b84871131be749732b47a4659593da317a6adf8b51cbfecb9de384b5909f1603.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
33KB

MD5
089c18d1071f5b5b092f8c112caaab36

SHA1
8afdb90afdc7738531f3ea3d25731f87ffbfc564

SHA256
7df04785181d57806cf016936e982e457d6de752636ab87abcd58a60a5aee600

SHA512
d82fb2614213cc62b3c24e2e7a9cf56214690cb79f26a00a3d4c82a73d7be93b0fca0ad199780de2ba6180bc89236dc5cc61869b5f44b8c38637c2f12bcaaf40

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
42KB

MD5
dc26b9a88ece64dbd1755a8f0f8454e2

SHA1
7fd074305bd2f8b9356a24078fe55372cb7cf9f9

SHA256
741a61b939b3d4ad0c4e2e96eece7de89c066461632197b8fa4f05a4d1f9e26e

SHA512
aab1c986bae94b3b87c63d77bc1a953d7096d048983b53f5b2f160905149ba1ea0f9a27b1d07379ee8a1e9ac92e940abc937923275cd05855e3216b9a87cc27d

Download Submit
memory/2404-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2404-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download