b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-08-2024 01:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
Size

264KB
MD5

e36e4ba342db5d244b93ba0465ac33af
SHA1

296c08eaaa164a7040fda46b92ac29a493f1f74c
SHA256

b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7
SHA512

6bd713fc27836c87791be9ea2e3b5e10a2bf6d43824fb566057407ce19296a18b742481a90164118da21a54a1e2a15af760482971d72611f2ac7d32b87e58c76
SSDEEP

6144:KmCAIuZAIuDMVtM/XSCdtfAIuZAIuDMVtM/XSCdK:IAIuZAIuOYSCd1AIuZAIuOYSCdK

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2860) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b0000000120dc-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2332-450-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Aero.dll.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe

C:\Users\Admin\AppData\Local\Temp\b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe
"C:\Users\Admin\AppData\Local\Temp\b387e7f5a325cb0f105643777a20106023a1d52478bcec9ff5e4d038dfbc21f7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
264KB

MD5
d065d2e0d3eb282f1ddb0eab51d1c462

SHA1
a6dd432c5c3e6b3393ea5fef8fbdfbfb2357a29e

SHA256
d27b2d1cd1c260c1800b296ce2c59b5ada0d35120a83621f8b99eca57be4805d

SHA512
e64557394985d3e69aa426ab49e84d1f1648d86402da8bba4669124c43a1c97119c82bd896d0f7d839b71a49574d70284d63783d341e846772da3213458dbf10

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
273KB

MD5
e0a6512c42fbc9855639d3a01b5dcc81

SHA1
33af328d0d53f5278bf40d593ec258784389ecf7

SHA256
9d2a406320584d893ed6ec35c94f61c8e3d96e2d0e4d62ae83d3a2cfa97eda6d

SHA512
0c143152b88b12f038838bf70e6dc69cb11953fc861073ae82721620ddc3e7005247c8cd57b63562211ae078609aec1b53a4b45471c566e1b6a2a88163d82a31

Download Submit
memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2332-450-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download