721d5bad95e1b7783a012496ccc47deafba46d532719ad8752b49479caf42ac3

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4b7be023366eb9208b993b3bb010500N.exe
Size

25KB
MD5

d4b7be023366eb9208b993b3bb010500
SHA1

8a60f460b615f5773c31dabb65aff59433f34c45
SHA256

721d5bad95e1b7783a012496ccc47deafba46d532719ad8752b49479caf42ac3
SHA512

5ed3d03841e9be334cfa438a2d8c6c5ab310f399bcae26c8142a2ca29b7c1491b3b1d77b251bc7cc4b504d972b1b057c9bc2e5d8394d0692f3ae51a8e478b473
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxmDEFE9rt:kBT37CPKKdJJ1EXBwzEXBwdcMcxrt

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3448) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/288-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00070000000120fe-2.dat	upx
behavioral1/files/0x0003000000010330-6.dat	upx
behavioral1/memory/288-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libchain_plugin.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_ja_4.4.0.v20140623020002.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\ConvertFromCheckpoint.ppt.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\mc.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libgl_plugin.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\MANIFEST.MF.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tbilisi.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	d4b7be023366eb9208b993b3bb010500N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	d4b7be023366eb9208b993b3bb010500N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d4b7be023366eb9208b993b3bb010500N.exe

C:\Users\Admin\AppData\Local\Temp\d4b7be023366eb9208b993b3bb010500N.exe
"C:\Users\Admin\AppData\Local\Temp\d4b7be023366eb9208b993b3bb010500N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
25KB

MD5
1201689f546f4b0fe5526b3c47c0e5c3

SHA1
8dcb662348e2172bdb9ef20c71fce5b21603d8fc

SHA256
a3831c2ade3c0ebe65807825162e11e6c3c6e74f8b23fae41e93740a7b28e1be

SHA512
e4e5c32f84e6163997e317f271aa8b545107489d1bcf78af1c37419f670bbf58842028e9601fb16753dcab253353a87514f8a98b976cb356977111bc03b9d374

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
34KB

MD5
3fb4095fdf6a021a13631ed1e5f3cb4b

SHA1
fbdb804f4e93bedfd005529a3370555fcce06ae4

SHA256
10af129f1f9386fe44b270117e4c9e1b21fc910a06151a951b47357c36b79bbe

SHA512
083ba53ea30cb4c9f611bb26340741044e741560b37a5677d7fcf4c04a3c1b9458ce0bc10dc203229804f6e56d394222f59879e30032dba91543205ede8453b5

Download Submit
memory/288-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/288-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download