bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25/08/2024, 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
Size

78KB
MD5

2e53075113e05da34a5c3ad36643486d
SHA1

5e6032ec3047c93bd570436beae57a883608a690
SHA256

bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7
SHA512

fc2de554b3326312eba93ada750efa7bcd362b18615d5b8913d8f447cfec1728d4063c807659ff688d07b2e9288485fde980ee9a4f8d063c90c78c211512265f
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZT/:fnyiQSo7Zr

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3681) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2112-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001225f-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2112-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgzm.exe.mui.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\jamendo.luac.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\settings.css.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\css\RSSFeeds.css.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnetwk.exe.mui.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Entity.Resources.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-disable.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe

C:\Users\Admin\AppData\Local\Temp\bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe
"C:\Users\Admin\AppData\Local\Temp\bdf7b3c9efb368cf7d14fd84ab2e7ac191ea3fa0728910434b19ae936fb233d7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
78KB

MD5
25dcbd9745817353fa95caa74c4abb23

SHA1
88e5e2eaaaa2568da35e573cbb93b80f78ad4160

SHA256
d51c8be7b58779542f837ddf4dc6d80bc8fb173469ded035086f78bfff199b79

SHA512
6695fe7ce5ce94847466491eb9a6e25c259ae3d693883fbf3dc1e52d93224952255a194f24b75493bfc69631b9123318431cc1c23b1efdb83ccabc8959abdb17

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
2e9c27d00eb3c25cc90db7dd3066ac26

SHA1
5342b662b9d867aa92a48b945f83eca2159fa45a

SHA256
2bccfe62ae215b8dbc93dd6caf7ef35d3c8d5107d6dc1d4600e881c25d401639

SHA512
0d8ce042511bd069fdcc549160299f5aaebe5ce9c9f2114698019180a7177b3621ff8612fca3b8ae98a0f96c9aa38df9fefd10fee3c6b3fc89c3d41a332173e9

Download Submit
memory/2112-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2112-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download