c7eb25f1b2d61459f28fa2c55c1e5cfa250d9dfa3b6369bb34d9fd63cfd2c84c

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 06:29 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22d75605854013fbc2677fa31db356d0N.exe
Size

57KB
MD5

22d75605854013fbc2677fa31db356d0
SHA1

d2f785a95fe912c68e634d7aed76b5e32b6cb761
SHA256

c7eb25f1b2d61459f28fa2c55c1e5cfa250d9dfa3b6369bb34d9fd63cfd2c84c
SHA512

6512fb98dde957dc733d2b01ffcd16cb7ba886b63975a0d43f3a4157547da52f7bc9f1c189cf0f395bc85c4097ac73770e4e5f7bd29a82bdfafddf3339070f3e
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0md0:V7Zf/FAxTWoJJZENTNyl2Sm0mPW/

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3236) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1316-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-2.dat	upx
behavioral1/files/0x0003000000010330-6.dat	upx
behavioral1/memory/1316-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libcdda_plugin.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\en-US\PurblePlace.exe.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\vlc.mo.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CST6CDT.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\bin\server\jvm.dll.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Malta.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boise.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host.xml.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-nodes.xml.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	22d75605854013fbc2677fa31db356d0N.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	22d75605854013fbc2677fa31db356d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	22d75605854013fbc2677fa31db356d0N.exe

C:\Users\Admin\AppData\Local\Temp\22d75605854013fbc2677fa31db356d0N.exe
"C:\Users\Admin\AppData\Local\Temp\22d75605854013fbc2677fa31db356d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
57KB

MD5
a83620cd29583bf556e7061701b74c15

SHA1
5a17d0fa8054eb3fe75dd86196bedca6f9b0f31c

SHA256
dec41cb745e27574f4150af02b65a0ea161e9d9242f6e81cf58ec6b96310c2e0

SHA512
3924380a8f8d9b6dd959eb7fcf87b3cc0b527d7b8346793371f5530d29dc52641e2623a77934e50c6d39e9be538f7346a66f144d7b78730381e1dac07bd0c358

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
b2ec0b6d0fef171cae114e4fe7bf55ae

SHA1
3b0ab1104cc2ff195195cd10e80dcf940c141643

SHA256
f527a7e8ce478fc98bc1a02f40b285607bc1dcf217650de8cdaa5c3df1253e02

SHA512
1e0d2d187c4d0849c7052f4979542c446a94af5293de5281a4f022d5ea16664a3ec1df0224dae7a4f1c709fcb798245fe546518a0ed3555a9cc72edec3c0af17

Download Submit
memory/1316-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1316-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download