fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
01-09-2024 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
Size

81KB
MD5

430bcdac37ab641700795a179cc63a0b
SHA1

6dcd396c4a8bf9f9705493167b1a9c6cc1329d53
SHA256

fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5
SHA512

44646704b1b16c669ce7e32826f7ba4c11e4c725f1e73014fd787f24803d2399b6f515412303f6ade7482544df17c080ea9a2533e43c1356ad1e413a73fe6a8d
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZT+StuSts52/:KQSo7Za+u+s52/

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3487) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b00000001202f-2.dat	upx
behavioral1/files/0x0002000000010663-6.dat	upx
behavioral1/memory/2480-69-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatializer_plugin.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_flyout.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\clock.html.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.json.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\settings.html.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\icucnv36.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-ui.xml.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help_3.6.0.v20130326-1254.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-util-enumerations.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe

C:\Users\Admin\AppData\Local\Temp\fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe
"C:\Users\Admin\AppData\Local\Temp\fd41602bd01f6bed493340c183206e2ce0aac7647343a36d5dc00191539ec5a5.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
81KB

MD5
ff934dfc1b97e49a95447305ea33324c

SHA1
234712420b8e2b968b88123f29152864ac9817a0

SHA256
0c302360f53e2e975cc92f0661b388b8dadd621ebfdb6da70d11e89b6c2472e2

SHA512
26b1a4b11bedc6ae3b4752bcdc2fc1d94c6f8340a6881b392b893f93a9fe292cfb04b00e334f03cdd913d29a4e72ceaac2834fbdcc6f45bfcfc1de75c2353472

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
494af5bd6b90520761cd4a41e708593d

SHA1
206d0f030586d6161bf0aaf2459630f4d32900c7

SHA256
977dfd641b174ee957d018ae790c5d163272c06d3272a4deb1e0676416c1a0c6

SHA512
1b978e9ebea400a8d2d91b365bf0be47babf7783614e8d9c65c317762502cc29faf91d56be848fbc81ba1aee66c46022b5a11bce48bd67f91c36df16aa6ef90a

Download Submit
memory/2480-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-69-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download