cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
Size

589KB
MD5

988c8b5f797388961e4ba7c1440fa31e
SHA1

57bddb20ccd3dedf28c2d677ab6c9c0ee3d0831e
SHA256

cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6
SHA512

97b908f11e330db5106bacc4ee857d647a0f831261f3d9f587b5414c15d44e986f0046c473df760cccd905eaf4c2f69e21e470e80f17a15ec7b90f70f20b1a64
SSDEEP

12288:VQtAJOPMdl5b/wn0Z147JaYCT77MNXYnno/28:VIARxnrF74Yo/28

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1911) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2840-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0018000000005c50-2.dat	upx
behavioral1/files/0x000f00000001045a-6.dat	upx
behavioral1/memory/2840-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DisconnectBlock.emf.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding_1.6.200.v20140528-1422.jar.tmp	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe

C:\Users\Admin\AppData\Local\Temp\cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe
"C:\Users\Admin\AppData\Local\Temp\cc1a4622e8f2e3a5fea367cddfa1a338c7b18eadb672be9ba6f083fdac94b0f6.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
590KB

MD5
63d88443bb0f5d9d1ab4ab0f3476c5d2

SHA1
6ddc8f1be3811fe54415474b6ca3d24538ed2b0d

SHA256
a580b90a744d802494409971aa69e788bcd0b40ebcb12421c143aaad7d7cd8af

SHA512
03281e0fcc863756c41f2cc859a90143c4739246e043ac3dad370b97e0ae429a6c418a2f2000279248f73e37dfb858f6f6f49827585e3141ead90434e19f2007

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
598KB

MD5
b98abcf8ab29c73b10cdc1b13a3c1060

SHA1
ee6f6550541e084c6c844d86b56f929837405c24

SHA256
8e1b4517ab121e38412af3f7aa313ac0ac41b78c5379716a96a320391b745030

SHA512
496432f0d9407000c2ac46a9e0566051eb4306306259a5c5b01c642a3a13c1544f2114f39bcfd68763e81bbcf66fe12a1b652962968718458337793f9c2511f8

Download Submit
memory/2840-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2840-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download