8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b

Analysis

max time kernel
150s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
Size

58KB
MD5

4814b36d18929fbe352597d378322ccd
SHA1

6e0d2e85ca93c2c3f21a668571b0c56bad1fa04d
SHA256

8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b
SHA512

d4ce571837442c8342a323d86394efe377968f0315a599b4b7cc5de9f4739283afa9d19bb91693963dc6568d7942a20f9a248ddab749d408b3a76021d6d0326d
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0md/:V7Zf/FAxTWoJJZENTNyl2Sm0mdnwN+

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1005) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1848-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000e00000001270c-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/1848-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Singapore.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Marquesas.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Nicosia.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe

C:\Users\Admin\AppData\Local\Temp\8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe
"C:\Users\Admin\AppData\Local\Temp\8f1c7c7b0914e7a1cff6c5db9aaf7e590001d5855a4dbca846da424dd1855b6b.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
58KB

MD5
b10449b8cd676cc745cd769699a27dd8

SHA1
ff4ae051db31aee0199f9e096e884d4593aab267

SHA256
9b19c1d766ce25d4d8fbe2c98d8754504eb474290a98351c1fb763f0972533b0

SHA512
a38c1acd91df4768b4a3e4f5c2db62ad91ec79482a9f11976c5ac640d06db12723e5babd37c953e5cad483204fc0254266792380025774e5986ce6f156ca7389

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
64b3cfdf03bc6a27cf4d8977b459c2fa

SHA1
43a8ed10f652d09b5f30cbf4e4c4dada06ad4d30

SHA256
7072f3ac56bf46817fe65d11085c6df31febfa4eb139ca38293c8a6afa4c824e

SHA512
18ea642f34e0fe2c6c6cdb9feeac29546fb10c152c8786930d81000956c941735797b69978e033aaca0971d53e34ece10fb2258d3269297baffe18c4ad86ea42

Download Submit
memory/1848-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1848-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download