9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 00:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
Size

31KB
MD5

d460da016e38a65e332fd96e0ab0c68e
SHA1

7f002e5104c19d45b03b964e6718270891eb0fff
SHA256

9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9
SHA512

31d244c3d080aa78f9f7646884f7fa47f332c41950239eda3b54e4164e822e4ae44c7e9916d23c655b6995bc2679396b7bbe48954589f5534d9932ece228393e
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9gOSp9z:kBT37CPKKdJJ1EXBwzEXBwdcMcI9IEG

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3758) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2156-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00090000000120f8-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/2156-73-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libedgedetection_plugin.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ADO210.CHM.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libyuv_plugin.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\FDFFile_8.ico.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Keywords.HxK.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchobj.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Royale.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Defender\de-DE\MpAsDesc.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnssci.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Flash.mpp.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_pressed.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Costa_Rica.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vilnius.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring.xml.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\calendar.css.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
File created	C:\Program Files\Mozilla Firefox\nss3.dll.tmp	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe

C:\Users\Admin\AppData\Local\Temp\9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe
"C:\Users\Admin\AppData\Local\Temp\9330069bbc7a0a48729e20152b40cad189666df658f605fa6cea8f4388bf79e9.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
31KB

MD5
3e5f3d9b21df4f387413fcf90da2f478

SHA1
84f90ba81e445875ea541307f091fafc5c58a2cd

SHA256
cfc6a6b874468c89836210c4eda956e407d5f2c6419d365f2070a845ee1bf509

SHA512
06f8cbb90573c98b37d27bedc0e3e077334dcfa45c7c704301386ae79e680d05266a6962467e107b99db5e6bda37e3add60597503b8810e4ea112b83795c10a6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
40KB

MD5
6a0277eb59716b1c45da5bc65629f744

SHA1
654a353e61431bc0c706dd2bb506216f7ebe4b34

SHA256
cb55e7238c0ccfd79c75db68d954792e6f29023ca7f1275879812819bfa3fd6f

SHA512
659509b08e88036d649340e760ba6768f27b86b9cf7452c380ddd3b3ab530c5950d6568a6e1d27fd63387135834407b3591599e1e92fbab70d99fd669f83265b

Download Submit
memory/2156-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2156-73-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download