083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
24/08/2024, 21:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
Size

113KB
MD5

a3f46b0d0102bf10c5a72c735adcf5f5
SHA1

e6dc2aef124b2ddd2420cf2549161ccf175e105a
SHA256

083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a
SHA512

8edb9ff380da5e7793af289105f9ed2ed7288782bb5f49aca86062c0a7f0d5d21d045ffce6675522ca20090bbd40a2d67332a7de6c5a63d42e88df14bc45f295
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI99ojoGRK:V7Zf/FAxTWoJJ7TARK

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2572-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012119-2.dat	upx
behavioral1/files/0x000f00000001045a-6.dat	upx
behavioral1/memory/2572-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\skins\skin.dtd.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Windows NT\TableTextService\en-US\TableTextService.dll.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-execution.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Casablanca.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationFramework.resources.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_rest.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Microsoft Office\Office14\ONLNTCOMLIB.DLL.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_ja.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yellowknife.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_rest.png.tmp	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe

C:\Users\Admin\AppData\Local\Temp\083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe
"C:\Users\Admin\AppData\Local\Temp\083a15dfc67ebe473de98fb52f35b3990b2dfb117595ee41c471375152e72e9a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
113KB

MD5
c4be2d65ce898d45dc8598560b37e470

SHA1
df067c865dfbeb24cfb89dc88f3be7a9b96ddc73

SHA256
ed622b682b4317dc7494a644c02992a083097f45904c912294668646df39b3b1

SHA512
126ef070797d743f54df422ed7d15f0794f8c6d726a6a976e97f5364c0c6098811908326c83990e9896f3347b3be8904b706a266033e3111f659502a9ff63cc3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
122KB

MD5
fe115e3506f46f748f6753509c784ade

SHA1
083d2daf48b9e3adabe8af25073d9a1308daa385

SHA256
ad267a02d9efbc99993862c5a9d6417a5f847352417cb12251bcf9addf3908d9

SHA512
3e05cbbe8f19247d4d25b33b094cc8675847781fdeb79014e460a2cac050f10980695f7a18cfc0a778c6aee19ab02594e4834e900bccdfb81004b66087a6b694

Download Submit
memory/2572-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2572-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download