2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1

Analysis

max time kernel
150s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
13/08/2024, 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
Size

42KB
MD5

ff5598ce6f6df85726244d9ce397df71
SHA1

a89be38949fd565cbbae2f98f8fbe5fc6d1da2fa
SHA256

2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1
SHA512

f848624e6709fbad38e388b254308830503c974a9e6be7ab4ff62409ff31a558f24877ef4f6a198b541e88f9bfe9c8c9183d8ae12285524bb1f49b3dae5dc4d8
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiHoGoFzY:CTW7JJ7TTQoQN

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3749) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1432-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00070000000120fb-2.dat	upx
behavioral1/files/0x0002000000010486-6.dat	upx
behavioral1/memory/1432-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\gadget.xml.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_zh_CN.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\mip.exe.mui.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_extractor\libarchive_plugin.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\glow.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-loaders.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\slideshow_glass_frame.png.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vevay.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe

C:\Users\Admin\AppData\Local\Temp\2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe
"C:\Users\Admin\AppData\Local\Temp\2ded7809f4dbef81cb78ffda9d3f7d03544d8c6dcb0f3ff286a34d1c7fd771f1.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
42KB

MD5
7a12d4b39400565a3429a5262449a50e

SHA1
7e045a5a9c0957616597315762d9d44e342723ae

SHA256
e7c1764e844961339e64d841ce56b9c4285e7ad4e2833f6658059b2a69c84835

SHA512
e2ef42fd8f2013097d6e27972cb66f47a0fb6b23f5e7b4cc01c14cbc7660e037b666ef29cd4000380a931a46508fbe2969e15eb0bf8911476fbfef86d9c50767

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
8330162a25ead7d4a7f6cc476dc7ba38

SHA1
4d44a139abe369f48b948851feab552d0e8db077

SHA256
1ebd83276ab55b745803eb9876940eaff84ed70dfe990702691c81be57ae0d5f

SHA512
7ece36250e6acdf56b422cd17137cc4443a12679357aab40835a5db241aca6b9d2ceabc5097ac7a122b87442ca924fe0a342bccfbc89e96fd91be5606ec5c629

Download Submit
memory/1432-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1432-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download