36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
07/08/2024, 20:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
Size

75KB
MD5

7ea71a6106bb801db7703c768c3c0890
SHA1

2e6f8d2ae89dd76f9e433ee3c9e82d3f5a711c08
SHA256

36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987
SHA512

d7625534263a6bcfba90ee0d88bbdbe10ecf4a3011bfd97e0d982fe52491428aa626259b09b99d7834dbce6948df2b9e7af0e7ff1ce71c53e63edb00daedab42
SSDEEP

1536:V7Zf/FAxTWtnMdyGdyxykn8+o5oJxJ0PYXA5pYxbOpCpFgTJMTTLL:fnyGnLn8+o5oJxJ0PYXA5pY1OpCpFgTE

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3478) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2196-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012285-2.dat	upx
behavioral1/files/0x00020000000104da-6.dat	upx
behavioral1/memory/2196-660-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libpanoramix_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_hover.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d9_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwmon.dll.mui.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\settings.html.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe

C:\Users\Admin\AppData\Local\Temp\36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe
"C:\Users\Admin\AppData\Local\Temp\36d07d60fca2441a03b19a2a4b4fd6283ce9094808611c5043aae4a95624b987.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
75KB

MD5
eda49ad44f8e3654e2fa934926294b4b

SHA1
cf9cbc38393bac6f129656bccd2011727ba32fef

SHA256
717c0e8ba53ba412a745ba569edd930c2b9bcfb2cb60c615e5f8ddd7176db25c

SHA512
89f4e8cd7030d5e3985468b55101aa9d8ce4c90e85e13ed40fe2615fc92a846c3e90124e9f0087041364fb14acacba1fca7a7ea47207bf853d375cf4297aeaff

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
e070fab1c8c076337cf5d8b83c6f3209

SHA1
0abcab42442de4ba756aa3496af15125ab34873f

SHA256
6f834ef07c35e2297d36196ef055b952acef9edba503782087cdbae0e1ed19e4

SHA512
505da949085bffc44f772f4c0e682d07db1273b16bf77b1427e88a5b8ceb5bb6f8a103c3af122da319319ff5c21cca9cd4c01995e67523d1ef0000ffa175d4de

Download Submit
memory/2196-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2196-660-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download