8d96555efb906e4107d6a29157ab20201b5c84e40816f74a5042e76e2add89be

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/08/2024, 00:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ee66cb455f29729daae33b559210cf0N.exe
Size

103KB
MD5

2ee66cb455f29729daae33b559210cf0
SHA1

4e8276839d657bd9fcd7324b970adaed4651749f
SHA256

8d96555efb906e4107d6a29157ab20201b5c84e40816f74a5042e76e2add89be
SHA512

c1dc896e3bb749be8f1e20a82e7f237bce15e732de51a5b2fb1a611df44848f8806911f7f8c05f70c23fff94171215b2af7d184df9d2cf3f2ee4f126eef387c6
SSDEEP

3072:fnyiQSoJUBM+PocOQejPdMRAHAASnnD5D5172HyZU3YF40S5DnumSFDnDHaJP1Bg:KiQSo/8

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3082) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012029-2.dat	upx
behavioral1/files/0x0002000000010663-6.dat	upx
behavioral1/memory/2408-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pl\LC_MESSAGES\vlc.mo.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kiev.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\instrument.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Petersburg.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services_1.1.0.v20140328-1925.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	2ee66cb455f29729daae33b559210cf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	2ee66cb455f29729daae33b559210cf0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ee66cb455f29729daae33b559210cf0N.exe

C:\Users\Admin\AppData\Local\Temp\2ee66cb455f29729daae33b559210cf0N.exe
"C:\Users\Admin\AppData\Local\Temp\2ee66cb455f29729daae33b559210cf0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
104KB

MD5
cf95a9741050cb68d35a139036e1c87f

SHA1
a0cd25637e789ee9df30c66e1b65a02180c659cc

SHA256
42c2909048ac1b35d91525b147101a2180f9b91109b5e6e1c62640f84d3bf1dd

SHA512
cb3a7e38443c0901595d5cf62e7464599e0ee913e69950bb4f1c83b1e6f7b46e80232506c4d5dbe2e02a5766b9c97d75a284d1abd799cb3e7b3e36c68daee84b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
113KB

MD5
8f3b806fcb7d4652e6c68a0ebbb01c84

SHA1
e9f80645f09ad4b77d53423ce3afb9d6eba20d8c

SHA256
84d61724b43394bd498f133c8a45770e9978e78663e0a8ae61241ce601c5a926

SHA512
9d46e3183222681f11e190aad4a4b955a06166b59f6a60b53c48bf54ab91f48b029227c82387f07d0391e4711aa321d058819f96db9f83fb3ec4d838b1ed57ee

Download Submit
memory/2408-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2408-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download