e6975448c999af4559bef41a38293019abded7d6283685b058029ce292e8edc8

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 19:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd7bf111acde4611ea2c1823d54bdad0N.exe
Size

71KB
MD5

fd7bf111acde4611ea2c1823d54bdad0
SHA1

e6cc85b08efea4430458d7022399dcfdf5f2914d
SHA256

e6975448c999af4559bef41a38293019abded7d6283685b058029ce292e8edc8
SHA512

be4449e56d5b81734fa55e0bd220640f08fbdaa80a2166cf250fba000b160427856595678dab6947209bd5c9b250980a786bc09e4413966775971ee838fe13e9
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9ABT37CPKKdJJ1EXBwzEN:V7Zf/FAxTWoJJ7TsTW7JJ7TY

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3117) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2624-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2624-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_ja.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Net.Resources.dll.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\bin\orbd.exe.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Canary.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	fd7bf111acde4611ea2c1823d54bdad0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fd7bf111acde4611ea2c1823d54bdad0N.exe

C:\Users\Admin\AppData\Local\Temp\fd7bf111acde4611ea2c1823d54bdad0N.exe
"C:\Users\Admin\AppData\Local\Temp\fd7bf111acde4611ea2c1823d54bdad0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
71KB

MD5
0d09234080844a350bc5755cfba7fe0e

SHA1
6e3103095b827502ccfe7a558b0d92adbf64e44f

SHA256
f28c8cd03a198dfee48efdb18b8b0716dcd4cbfafde86e30bbf124a456a442e0

SHA512
f00c123af8f444f539d168b05e592f84965f87ff15bbbeaea73947fc16035b49972199b8de63610dafe80ffb6548de80a7ca81e6e9ffff7e34d255fda06f2fc8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
5e2056f0c04fb2d560f2acc6f93b4a54

SHA1
532dd23e1edf71e6cb4b4a933bf2f293d81cfcb8

SHA256
9ccaa16fbbadb062a3f826a06877039a838abbe6e559906f0ca802a8de4ddb79

SHA512
bac01d7603eb2609ab0128f852e0e2fcfbc41fa419fd045169b8da1b02cbd46bf1376227cf4d518e633b0a0b700ee84ed06b84fcd625af65542a09be0e0863de

Download Submit
memory/2624-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2624-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download