bed910c93c060aa5b336a06b7715d2716bcb0060781c3c334869ebe9d1a9fa58

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-08-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b92cb55b01e72326bcf4b7ecbf57ca20N.exe
Size

47KB
MD5

b92cb55b01e72326bcf4b7ecbf57ca20
SHA1

4a632d1b9775202cc6a6d06af5ae4b9b9cbe5419
SHA256

bed910c93c060aa5b336a06b7715d2716bcb0060781c3c334869ebe9d1a9fa58
SHA512

b435a285f641e85bf6b5d690f1c5dd6a19871d9007ba53fbbbf7778cc271a7c39e62c7946c719704dd78bc304a2df7c6c0ea761bc3bc1840485b356cb23ce556
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9DJKGJKL:V7Zf/FAxTWoJJ7ThJKGJKL

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3216) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2680-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a00000001202f-2.dat	upx
behavioral1/files/0x0002000000010663-6.dat	upx
behavioral1/memory/2680-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_ja_4.4.0.v20140623020002.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Hermosillo.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_zh_CN.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClient.resources.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-progress-ui_ja.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	b92cb55b01e72326bcf4b7ecbf57ca20N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b92cb55b01e72326bcf4b7ecbf57ca20N.exe

C:\Users\Admin\AppData\Local\Temp\b92cb55b01e72326bcf4b7ecbf57ca20N.exe
"C:\Users\Admin\AppData\Local\Temp\b92cb55b01e72326bcf4b7ecbf57ca20N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
47KB

MD5
7b3264c91913d9f6dd7dea05424c4582

SHA1
e0e82414093c6681661817d2408a64f8a26d9bf3

SHA256
674729480f986aaf4a6b0ed7260b431d2a0415f72dd2839c09ab738df3553f6f

SHA512
56a5017b7c069e9843b49a8dc2ae44436360b5b07580d898ea2be6b6ed67e097d641bda382cb56423fe02888b6ecdfc9a84035b7bb59cc8527cda8dd110b5ade

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
b301875964d9217db523c0d1db3f499b

SHA1
5efa5df1433a60f5d71e0ee33eccd7133f48c6d8

SHA256
0b25446e5719162ba0e9ca1b874865c5c5c92d083cde1c360611896ad94d8861

SHA512
0cdeeae4e1df051d9aab7d3aa2766a25f7cdec84f3655fc4df3533b8ecffc8e0b37977809d434a36c5dbc550807df85f1a92e98ec6fc2fdfa945a6c6d989a4a9

Download Submit
memory/2680-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2680-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download