df4ca57a2a96d17344e402825c1c787935608be43d5f1abc5b57520878167277

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cb7543bf304a29d9861e19deebd91d0N.exe
Size

68KB
MD5

3cb7543bf304a29d9861e19deebd91d0
SHA1

5c8f4228aea429e4fb022bc39d75b2593e10c051
SHA256

df4ca57a2a96d17344e402825c1c787935608be43d5f1abc5b57520878167277
SHA512

c9f81bafb23a6c59e59759a789561696960d55577a3420b293d300302660cc4e988f41343907d5f5c49b62545a851ae42a4ff13031a8438b729fd37341c30da8
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJBZBZaOAOIB3jM2jMO/7OSbo5+Oi6Jfo5+Oit:V7Zf/FAxTWoJJB7LD2I2IbSq+6

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3261) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000011ba4-2.dat	upx
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0002000000010557-6.dat	upx
behavioral1/memory/2364-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ComponentModel.DataAnnotations.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_zh_CN.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	3cb7543bf304a29d9861e19deebd91d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3cb7543bf304a29d9861e19deebd91d0N.exe

C:\Users\Admin\AppData\Local\Temp\3cb7543bf304a29d9861e19deebd91d0N.exe
"C:\Users\Admin\AppData\Local\Temp\3cb7543bf304a29d9861e19deebd91d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
69KB

MD5
82511da9e15e32d3c01eeb10c5beb06f

SHA1
e0a62d57716da100a35e1dbac0299e83fe95b2ce

SHA256
3141010f5b9c3f061c4ffe5e16f0d79156619424da6c5e0e6e008f1e9451594d

SHA512
ec1163e2427baa18f44ecc91ceed0ce89d313df3cd0727a7a8c82135bd503cda25f072ace5b522715f2c36036fa68a6e9928cd2e4876167120ea70dc56b2e7e5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
bdc4340ea7ff921b2b47585428f503bf

SHA1
e2d024181067202b3c62dc535859acd931e49614

SHA256
b99a0ff534db578697111a06a1af2f2faad36fed87735a188ad154c298b7753e

SHA512
395ee406d383960375f07698ed3a7ddff4c48e811fdde27d0e3a6f3a5929bf18e96f941a83bd4724b8dec25d20dbf4cf8c586d2fbf65099040d5921408e42c3e

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2364-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download