c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-08-2024 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
Size

57KB
MD5

61475ca5ae69257dddb452bc5053a459
SHA1

e8e8a980f9c548ffa60fc6172cbbec511c8daeb1
SHA256

c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec
SHA512

c93bc7068487e7472cee35c4642ff48fc15283452203839156f13065cdd1947b6cfb57ef0e2dd3ca830d4795a9d48c7e27b7839bac647f1dbf30d1a1a55d9e40
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKvhmkX:V7Zf/FAxTWoJJZENTNyoKIKQkX

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3740) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000012291-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/1708-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\amd64\jvm.cfg.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\WPGIMP32.FLT.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_zh_CN.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\DVD Maker\sonicsptransform.ax.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\resources.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Mozilla Firefox\dependentlibs.list.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.rst.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\grayStateIcon.png.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.tmp	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe

C:\Users\Admin\AppData\Local\Temp\c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe
"C:\Users\Admin\AppData\Local\Temp\c4b615647ae4973fbf1edc0dbfb1bd44e430f05cefeb0ac4ff0a5e957d8c12ec.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
57KB

MD5
b38832608fb709986416e0a3e250dbc2

SHA1
dbfb4cb481ee575205f6a1b83fca8fc1e8763d78

SHA256
8b6cfe80b71738162a368074a0daf241e4a915816fa4bce58f1af48204e4cde6

SHA512
811bcf67ca2e3db18ff81e9798e51099e9f84477d47aacfacd4737d331538426970c13a385dff56c1318e8ec3647f9571a3129974b0e6373f194590543f2f7d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
c0a9b049d9926165f9280008a7d6c03c

SHA1
a30c26c2821f44656c89d01febee54a1f59bb863

SHA256
87e53cb962b526ff0020d34c09d9e97839be8868e0b9bcf3a024a10cbbcc24da

SHA512
9401f7cd4d3a2d93f057ce2fb32e7ec322049fdcfb890c01ff00a6aaf1f21731afd0cdfb35a68ebae194c9c73f6a6d59bbfd439cbb53c31e5400866540798281

Download Submit
memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1708-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download