10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
Size

49KB
MD5

163cd6546e212bc3352f6d806cf9d94e
SHA1

83a59d281494f3de54ce6345f00c27c6df659d0b
SHA256

10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc
SHA512

144711dca7373ef99accd6967cacbd84788abc8c06057280241929842dc298a5492b34b84174a5b424d0c6f418373dac13f3fc739e2535db9f17724f3fbf8730
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx35jtj9:KQSoU

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3755) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a0000000122e2-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/3028-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\GrantRead.tiff.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_dot.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\CMap\Identity-V.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui_5.5.0.165303.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jre7\lib\cmm\GRAY.pf.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Windows.Presentation.resources.dll.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_gtk.css.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe

C:\Users\Admin\AppData\Local\Temp\10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe
"C:\Users\Admin\AppData\Local\Temp\10b8e40e8e794d78e6459a7b30965cea9c1f36028f8585db5b9eda2321dc10dc.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
50KB

MD5
f3815abc0b48db0454e3be7753479a8d

SHA1
24266e731db15240547d4a5ec5da65fabc608f60

SHA256
3d0e46d98a88418896175932931d5cc3f397b0418d2d67fc728a2aad0d7677cc

SHA512
3b08cd3c4e769572e54729e1564fdf67a0209c59039151c275eb0f5ed5c3bdbfc3e5d778ac25122845540a9eb2552812d02ea613f88a3f7afd7d90e42ce5532b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
aa1f6a8aef013b2adc391ed00e3328f1

SHA1
4bf38d6f288c2256790a6f138469a17ea28e9032

SHA256
24781a18fe146df79a4f5a98dd0e5f27d50066d156c850bc5803e7fe0c9ba72d

SHA512
28a261e01b152b7de563a11bc5e81899dc1a08fe5430a6b8dd1f62dc70d5850b05243b6d39f9a63d872166f2a3ab94f51cfd3f4748b17e31f8934ee49aef2042

Download Submit
memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download