10a5d37faad21303f6e1d952fa4f1ced81215d70830b3700fa61ccc5b20fdab4

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29-08-2024 03:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07b5e8a398f5ed985102da0cce52fa40N.exe
Size

56KB
MD5

07b5e8a398f5ed985102da0cce52fa40
SHA1

3cebd492ba6a772668f643b57a21b387da2cd066
SHA256

10a5d37faad21303f6e1d952fa4f1ced81215d70830b3700fa61ccc5b20fdab4
SHA512

451349a3e183be03383818d565e99642e5337616359987eb8a870a6d5b5cb301746c488b0a9bf151328f2d6d0f94f80565f1878001426ce3254cc56fbcd3e953
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFW9:CTWn1++PJHJXA/OsIZfzc3/Q835ufF

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3216) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0006000000012118-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/3028-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Broken_Hill.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\LockInstall.m4a.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Microsoft Games\More Games\it-IT\MoreGames.dll.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Johannesburg.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp	07b5e8a398f5ed985102da0cce52fa40N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	07b5e8a398f5ed985102da0cce52fa40N.exe

C:\Users\Admin\AppData\Local\Temp\07b5e8a398f5ed985102da0cce52fa40N.exe
"C:\Users\Admin\AppData\Local\Temp\07b5e8a398f5ed985102da0cce52fa40N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
56KB

MD5
f1955518c5dcc8c76eaf1172cfcdd019

SHA1
d2e74f634170413393247ea28c3fbbb31d8c9f32

SHA256
8411658d65a7bfee8ecc39e406423af79713596f52202fe231ccbdad3aa6a92c

SHA512
fb3325e62cfa7423b75014282eec8041420f20c7c103c6e7dbae643e926ae62a01ecbbe2632d4209aaa6bc411cea1989731fd84e0fe33097e33fb6c34c5e7311

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
487fdea6288193a60a666c7bbee5d072

SHA1
7fe17ed5d86cc37922f614af7c3580e4bfb758c4

SHA256
c8517e80a3a5eff53abd4862b55223419e027310c4ef8363bf40676b3fb97916

SHA512
118538071ff683272c5a917f331995ada6ddeda65a9716b9253e1f64403b5857d5ff9b5a657b208413769b1199a324ff76d36689d1f8ee29a0740a529f5715fe

Download Submit
memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download