411fc4854a5ebd3927c9ed5d6a30c855a3c41aa9b4fd408345034428eefb475f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02/08/2024, 20:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cc7c83203e1bb71a73bc16ecb54a7910N.exe
Size

21KB
MD5

cc7c83203e1bb71a73bc16ecb54a7910
SHA1

e58e70de15061a8362174172eec7b6ae359a3707
SHA256

411fc4854a5ebd3927c9ed5d6a30c855a3c41aa9b4fd408345034428eefb475f
SHA512

899bad1a62aeabb7f8a68560d1ab0297877a8355fa17fa38fd40cae6cec88fd512cfc4814e8fc85dd5c99e56c4f8a237ff02bd86cd1403564047441f60cdc369
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJcbQbf1Oti1JGBQOOiQJhAT17en:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJ5

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3400) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2696-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012291-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2696-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcanvas_plugin.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Colombo.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_pitch_plugin.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dumpmeta.luac.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	cc7c83203e1bb71a73bc16ecb54a7910N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cc7c83203e1bb71a73bc16ecb54a7910N.exe

C:\Users\Admin\AppData\Local\Temp\cc7c83203e1bb71a73bc16ecb54a7910N.exe
"C:\Users\Admin\AppData\Local\Temp\cc7c83203e1bb71a73bc16ecb54a7910N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
21KB

MD5
a77db6e6e8311ec2450810eead70cbf4

SHA1
dcf182c3e52eea3fb8ea35f2757244be4962421f

SHA256
9e497da7eec99c6cdbac8edd0c7c5d0c712049bf3145ae36fccea413f0a1ef64

SHA512
22c80955e19c034bf6cb480fdd0d513ff7182635f7b7c1936f53cde5a51132890e61e973eb597ff2ef424a43caf4affd0f62d52be2949e0d434f70d216a39cce

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
30KB

MD5
2807877cb27db6d4f21ea600eaa31c1a

SHA1
79f428aeb2e2dbf1537c1c0dc332edbbd1409f0f

SHA256
e9ac039a60ea18a4ec0b80e8e18ae13a89a07e46eab196855c4958ddf28bfb94

SHA512
0fc346fdf2c36bc473308a9b53d5491f89821bb1ab62535ec072e854f87f447a41923a9a2c62001d2a48a41151b4a14b950cf366db2e8ba752361c61e7067db9

Download Submit
memory/2696-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2696-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download