37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17/08/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
Size

57KB
MD5

b508dba54122afba49063d793c5d82ea
SHA1

2cd96c99935198a2ffd7f4353ec803e1c1701803
SHA256

37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a
SHA512

53fca5ec6e8d3425400c60e48cf678e107e2a3459c943647b821865bc321ce535919165be7b4acf65922bfcbfbef76c8f661242ed5419ca2f9aeaaea191964b4
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0mdx:V7Zf/FAxTWoJJZENTNyl2Sm0mPWW

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1000-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a00000001227c-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/1000-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\ext\meta-index.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\PMP\QRCode.pmp.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\it-IT\sbdrop.dll.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\flyout.css.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\pe.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\curl-hot.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\28.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter.png.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe

C:\Users\Admin\AppData\Local\Temp\37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe
"C:\Users\Admin\AppData\Local\Temp\37dabcae453c3c6b3e291b6bcd5fd5b7538ca02d76f6382fca890c6b60696e0a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
57KB

MD5
1edd6e4fe58546043c089f289aa6a176

SHA1
db5c9e32722e0083e759ff4c223a32b4305aed31

SHA256
13e364f6bebe4b0f5d8b445cd2acbd4a5fa27b812e53f465505ad049b53dd388

SHA512
8719ba302970a106709ee225e2d2c0f1ebcb9b5d9fa91df75d2cf451d2fa0d81785559682711ed0f33b14cb7da1f22d71e84e8eee1581b197c165cd66883d66a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
5899d7dc80c824335c173bee7e1d0949

SHA1
fc588a0a4de5c7dca635b9734fc64c79eaf521d2

SHA256
b4d0bc5f8b50af9676628588a6d0b3ed4185f4b4f263d5f7d89cd05dd0a2c3c6

SHA512
9efc0e23f797bcd00ac09a069c8fa66822cd45efe8885d94d42875ccdfa9325fe4087bd36beb064754665606c3711ab97627d44be31514907fd088a0e4a5fb78

Download Submit
memory/1000-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1000-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download