445db8da09e7ca87ac6676e74df0607bf82f6d5decedb0b92e1205a5d4282888

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
18-08-2024 20:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04531f8aa932d74b036eb5a8ba1c2240N.exe
Size

47KB
MD5

04531f8aa932d74b036eb5a8ba1c2240
SHA1

15e26a797813eda44de8e6cba01b3ce856daf935
SHA256

445db8da09e7ca87ac6676e74df0607bf82f6d5decedb0b92e1205a5d4282888
SHA512

549b39e862418f4d0c4f688a1973a0c551a5bc2941323ac8fa3ebac0faee8984e097c472ae2fca4b9fb12397e9bb92a8df3d0e347f6aca8d0fb0c01a6adf1f30
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9NoN+OiJGfOiJfoN+OiJ5:V7Zf/FAxTWoJJ7TSbKby

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2412-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000f000000012782-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2412-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\README.txt.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Journal\fr-FR\MSPVWCTL.DLL.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\css\picturePuzzle.css.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_down.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\slideShow.js.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\skins\winamp2.xml.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_settings.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOnNotificationInAcrobat.gif.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Windows Sidebar\wlsrvc.dll.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	04531f8aa932d74b036eb5a8ba1c2240N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	04531f8aa932d74b036eb5a8ba1c2240N.exe

C:\Users\Admin\AppData\Local\Temp\04531f8aa932d74b036eb5a8ba1c2240N.exe
"C:\Users\Admin\AppData\Local\Temp\04531f8aa932d74b036eb5a8ba1c2240N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
48KB

MD5
cd965078e5cd19448ad9210e49bda148

SHA1
cfd36c82241dfc031828c2e8b501d0d0381dfa59

SHA256
8a0b6e69b8bb876d13276f8f85f466dae69f889e610802fab2adf75cc711202f

SHA512
d5e45c76da52c6d451740b702e9aa61f32f0b134f6a2d5a4a311525246b2fd601b2d87f4f849e7d8311816c84c59a280fe22a5748a0f206ec43201ba6664171c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
b1d8bf46b28e5f1527704df30c690ec3

SHA1
a564ce87cdc80edf2312424de9cdd5e623eeaf0a

SHA256
42d7b178f8d164298bc48f4d5db0ae5a426020c6bbf8a43b5d0f0f0f8d271a4a

SHA512
5a0482f4f095a87faa5fbc1d63dd138d11f9c7b14c80a3a8d090d3ae5608ab7259d5a61ffe5365427119476e24fc752ad0c1a31e27dfee0285b2298033f44dfb

Download Submit
memory/2412-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2412-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download