fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
Size

44KB
MD5

465e5525d43295aa1c05a821bcfc7674
SHA1

ea6bd4e27d4a6971ea0d1db7bc1d7eb56b5f54c5
SHA256

fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76
SHA512

9351392b8d21ed2692a5e0fe32edc98a878be15cd3773a63cfa85431e82d16f244f2f9f10530f457fc3cd902a88c9e5aacac2a69beb96c66609d6d05ce571ead
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/til5z35ztFp:CTW7JJ7TTQoQlRr

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0009000000016dd3-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/2364-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.RSD.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Access.en-us\AccessMUISet.XML.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Journal\MSPVWCTL.DLL.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Media Player\de-DE\setup_wm.exe.mui.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-queries.xml.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jre7\lib\security\cacerts.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_up.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Vostok.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\UpdateReceive.docx.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui_4.0.100.v20140401-0608.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\js\slideShow.js.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows NT\TableTextService\ja-JP\TableTextService.dll.mui.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\css\slideShow.css.tmp	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe

C:\Users\Admin\AppData\Local\Temp\fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe
"C:\Users\Admin\AppData\Local\Temp\fbc9d6c16af3c1d38d852057230d2996928c9ee5ceab54445962474f4698fd76.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
45KB

MD5
da33d6a9fb00d9a701ec05ab658f6826

SHA1
7a41708ce9bc7280f334ff98c8772289b7ac3400

SHA256
e40df32251dcda026d399b760b43a09ea56219118cb3506f566870987ab00403

SHA512
dbf67985562061ac123a2573e8c2b3a25a5c71fcb936a59a6f024fd6e3094f4c2b604454e36cf01a98fd02fb5dc4da9505bc4334272e26be018cf00f57b41861

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
edf553875ff5970e9e1fd47b2b8d1891

SHA1
dde0b2ac394f649604591497e3b8bb9b1b371120

SHA256
3c80dbece9772bed1081831fb53a0a4f62d408a43d3ba8f77127b8cff112e5fd

SHA512
aabc58d6558e8edf351a4e7071e9724bb2ef79fe2dc27675da793def57c5f686d1d883037678dd88f40e0712e1d5dad7e04250fe05c4e189fea37cedc5419c60

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2364-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download