1b07151ce740f7fa02a690e71a182e4066f9357409fd18d8689ea21f91fa2e03

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
03-08-2024 05:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58bfc053eea9768f44b0c78b8a4ba440N.exe
Size

51KB
MD5

58bfc053eea9768f44b0c78b8a4ba440
SHA1

c5a206ad98f8a27a62ba7ad5521beea85878e80f
SHA256

1b07151ce740f7fa02a690e71a182e4066f9357409fd18d8689ea21f91fa2e03
SHA512

9a6cce74f790bb4d88c663656906f26b6977a701abc306c42a8b7c0794b33ac330e052aa8c7501c2293e22754163cf804f9ae48f4a4b1ff355c260165f3332ad
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0mNM:V7Zf/FAxTWoJJZENTNyl2Sm0mNTY

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3436) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2328-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2328-668-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Windows Journal\it-IT\Journal.exe.mui.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_copy_plugin.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_zh_4.4.0.v20140623020002.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-locale-l1-1-0.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	58bfc053eea9768f44b0c78b8a4ba440N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	58bfc053eea9768f44b0c78b8a4ba440N.exe

C:\Users\Admin\AppData\Local\Temp\58bfc053eea9768f44b0c78b8a4ba440N.exe
"C:\Users\Admin\AppData\Local\Temp\58bfc053eea9768f44b0c78b8a4ba440N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2328

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
51KB

MD5
aece4ec4d715a17fb009345512ef4b35

SHA1
dbda4af1636399f2b0528211cc65d01fbe20323a

SHA256
fbd498609a3889f91c59ada20af5e68f25d679ead01b03731822be024810f943

SHA512
af1ffcb27ad860dc7a7b9947e7920bbfd73a0fbfd9768fdafd0a2ae7f9dda966d7528adb39ff46bb873d10ef1a4e3e87e78fc7b14967f4ed84e71bccc1ef96f1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
9696d1a52574fb53753c3f8944286dc8

SHA1
5d2bfd2574d96f8f9c129588d76f684aaee0dc29

SHA256
4f19eaea2ffbde7c7b2593396443c5150b7a6ce198e76b81f979a6c7a10c8588

SHA512
ad41a20054f3e6df26c5f6862b52e62b8de6505cb8722a0e15c293363f00167445e2d38304144bda6ccffa03d4969e62626ca46c71817b208238b16461e4a568

Download Submit
memory/2328-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2328-668-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download