91ced6ae21b69ecbcef97cb6cdcce1a51b0f2b2e4b5fc5e1e72f151c3f6a0376

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b46de2b148c773081cbc79e94cbd0b90N.exe
Size

115KB
MD5

b46de2b148c773081cbc79e94cbd0b90
SHA1

adc4d78dabd09807c6801d4a5fc6226834b50d39
SHA256

91ced6ae21b69ecbcef97cb6cdcce1a51b0f2b2e4b5fc5e1e72f151c3f6a0376
SHA512

2f43b68bcb7c5443307e14db5a19d26f1621b70c3bf28e1f39e85bfcb435f3e61f82c027a0462ea5969539fa007b533aeaec13f1e8a7d7fc5815a80d166a37e5
SSDEEP

1536:V7Zf/FAxTWtnMdyGdyNQ4NQ4FTWUnMdyGdyNQ4NQ4pmdGwmdG1:fnyGnv9N9bnv9N9s

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2853) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00070000000120fb-2.dat	upx
behavioral1/files/0x0002000000010486-6.dat	upx
behavioral1/memory/2112-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Volgograd.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-core.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	b46de2b148c773081cbc79e94cbd0b90N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b46de2b148c773081cbc79e94cbd0b90N.exe

C:\Users\Admin\AppData\Local\Temp\b46de2b148c773081cbc79e94cbd0b90N.exe
"C:\Users\Admin\AppData\Local\Temp\b46de2b148c773081cbc79e94cbd0b90N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
115KB

MD5
3aa37a87461da8b0352797c8b3e6fa83

SHA1
bf3528daba503749c5526ed8feb0811b950d88c1

SHA256
730816edc86fc0d5e1cd2ad2c44669dec45d54024247d11d5e2568a99b033fcb

SHA512
7065dac6a16d99172de65ebc7e941d7c48ceb7398e3b97330929ca2c1046c27bf39d423a6082a3bed97a8f1af2258439c5fedde7693629e5f2ab0ed60965c10e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
124KB

MD5
a6885bf3fca16563324195055239bed7

SHA1
60fcb0d68c549098caade8afa8c7c7b6cfa3dec2

SHA256
9d12359273e373131875d058bc6663f672291f19f4273087166b945bfc87006d

SHA512
bf975483d995f3ad4fd4624850c9c86cd86cf21ba2f6669fd0521f428f9def25e26b5e1764ad7484b49bc869f1f83441a57dd2183f2ace6061e4505a2648e5c5

Download Submit
memory/2112-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2112-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download