db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
29/08/2024, 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
Size

66KB
MD5

0582f930f358d0fcd2128000b0b6a617
SHA1

d3d0d1f850b00c62b25cc55978b2269573e28115
SHA256

db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52
SHA512

a20d0460c606d62b4c91a9ea1d4137177bedd77c305c2ab7dd6cd9b08e7d5e9cbb145424c0272bae681bb8115c48efa43e4b1b3eb2ed0abf6a264540caaa57ac
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tih3y3uP9+:V7Zf/FAxTWoJJ7TTQoQh3y3vwOgrwOgH

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3526) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1000-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a00000001227c-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/1000-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.nl_ja_4.4.0.v20140623020002.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\clock.html.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\gadget.xml.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\gadget.xml.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\ImagingDevices.exe.mui.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_ja_4.4.0.v20140623020002.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Windows Sidebar\de-DE\sbdrop.dll.mui.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe

C:\Users\Admin\AppData\Local\Temp\db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe
"C:\Users\Admin\AppData\Local\Temp\db9ba5c0122d8d9eaec043f07f9e1c4751d9e93af7df30b4f7e71dbbdc156d52.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
67KB

MD5
d5a1ef888e7d015665aeef453f7e7ec9

SHA1
432036d757b213bfd8d8fd34704ec89c385917d2

SHA256
67989f41e35919bdeda08d8a1908b2c6daddb5b4ec6b15318ec285d180938f9e

SHA512
07240130bd255ca82f81d683b5ab8355302134b41e1bc754eee4af0ddd64b29d8185a9c301edcc66c9ddefad033ae845fe67a88ceab097d660b13e4ba8d9fe0e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
78dbb1abf7e4cb2619a7275b84f579a3

SHA1
0a9cac5dd691e5398078c7d9ef9b3bb5fe2192fa

SHA256
da4f5818578f5df0f8c63e0e8575b389f09afa51420f6613064b19cc771b2ea6

SHA512
c62f663d27aadba30e4d265ef766a00b3e32ec7326becad522afd5564591fe19f184b17c8817a02be808557a537907c4defcac08686d754f884274b04f0e8497

Download Submit
memory/1000-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1000-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download