10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
Size

43KB
MD5

878f5d905b378d17294bc856250b288b
SHA1

e87d345e3930df20cc38ffb037ec18c123ef1f77
SHA256

10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6
SHA512

d005591c99d095c4171f3706c375fa18adccec6f8c03781f728a9f949c161357cde9baf555bf218f5fc935535e7f73434d98f0c41c1c5c06d707bef8f2516fbf
SSDEEP

768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinMdF:CTWUnMdyGdyI

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3782) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012119-2.dat	upx
behavioral1/files/0x000f00000001045a-6.dat	upx
behavioral1/memory/2968-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\cpu.html.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\WindowsMedia.mpp.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can.hyp.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.ja_5.5.0.165303.jar.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX8.x3d.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\settings.js.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\MTEXTRA.TTF.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDFFile_8.ico.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Journal\ja-JP\NBMapTIP.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\mip.exe.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\hint_down.png.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe

C:\Users\Admin\AppData\Local\Temp\10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe
"C:\Users\Admin\AppData\Local\Temp\10fff0e8c2e90f2b4385a488d200848a91b01467de330eaed53c0afe77ce44b6.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2968

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
43KB

MD5
37dc86d8d132af75cd0500e617e316b1

SHA1
5095899fa1ea64110c9f64bc537cd15b1c5fb8c8

SHA256
11fcc86ae319a9ebb33d6d0fd54706be21047a4cd96e2d3728754c9511a8c0d4

SHA512
deefd312c256af44088e0103f614b21a1273eab2447ad8ddf140bbd1776032c6c4c110600986443187ac6e853f7d457fd3969daa4fd27368a7665064402b4ba2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
52KB

MD5
0b8b948427329a848015f0933902269c

SHA1
6470f5fee3e205703c50562003e337b6ae8edd2d

SHA256
bb8cda332a287dc4fe4c23a26885908fca4c924af6dfa2a238f0d40dca7e1207

SHA512
14ab211eeca1128c78f1eced5c9c2ab59e36b694e4456d0623793074e9fd917d59a2483bea9c8beef5590c923f44ed855176c683898cafe4a5f0a545a4b3b069

Download Submit
memory/2968-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2968-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download