c9472e450531dd659ed36167d9cc3993e836dd2f6bdf42e730ddceefbb57fc0c

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 05:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dbc2a83a50ea464fce7f2dca2079b3d0N.exe
Size

84KB
MD5

dbc2a83a50ea464fce7f2dca2079b3d0
SHA1

1898e083d9437a9bfbb5bcec4538322818ddee3e
SHA256

c9472e450531dd659ed36167d9cc3993e836dd2f6bdf42e730ddceefbb57fc0c
SHA512

9bf7410184e5a6623903ce89b71ce445b35dbc3c90943fa02bb1980f244183ef87c753cf435e0a552afb88adde3dc6644110595eafdacd8ea2d127a1867843db
SSDEEP

1536:V7Zf/FAxTWoJJZENTNyoKIKMvTW7JJZENTNyoKIKM0:fny1tE5KIK/tE5KIKr

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3118) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1196-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000700000001211b-2.dat	upx
behavioral1/files/0x00020000000104da-6.dat	upx
behavioral1/memory/1196-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_ja_4.4.0.v20140623020002.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationCore.resources.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Design.Resources.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_150.png.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\St_Johns.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler.xml.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Brisbane.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\PushConnect.rtf.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	dbc2a83a50ea464fce7f2dca2079b3d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dbc2a83a50ea464fce7f2dca2079b3d0N.exe

C:\Users\Admin\AppData\Local\Temp\dbc2a83a50ea464fce7f2dca2079b3d0N.exe
"C:\Users\Admin\AppData\Local\Temp\dbc2a83a50ea464fce7f2dca2079b3d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
84KB

MD5
d9c28bd8a85f5ff41d1a235ae64bee76

SHA1
c143e3898741a5df5c3728a61aeb88eee280fb0d

SHA256
419d7e34e0f4606323e1d46696a12eb2ef61fd70f41698c3e441ee975cf08cb5

SHA512
3b1fc9e00dd1144613d26aa0dc7875f3ad2b4de8c59409210dfa7318481b9158e3d4e93daecc667053f5c434f29c4953a4ae4c74b419a71ab766101b1bd0e6d2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
93KB

MD5
347ba28820be9a99bb121e93fc8d2bd4

SHA1
83bd39f47c372f0a9d498809356407eeff165a94

SHA256
38193d4d2462b73de8b4412a0b73a4de331516904eb2e560c2371c284bb12b81

SHA512
4c270141ff7ea6ae0df855d66819ab22fec088d2a30ab37ed6875ebf609693f545b0767830ad3d71ad51735ba5d76b0ba955b11f51e53b75a3244fc91c65df4a

Download Submit
memory/1196-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1196-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download