b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 02:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
Size

59KB
MD5

6c94bfa295ec06b6b8ca3588bce54686
SHA1

19ee8a80d4fbabf2839d4d9ebcf8f126ae604618
SHA256

b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc
SHA512

ce666da3c0dd6a0498a4d08c500a7954d54b80091dbed4a01c43ff436f93bdf20c929d53a1ad63e61e0a47e5bd110d5f123ab361a45aefa0c2e0ae234b86ba65
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiVrw:V7Zf/FAxTWoJJ7TTQoQVrw

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2120-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012031-2.dat	upx
behavioral1/files/0x00020000000104f5-6.dat	upx
behavioral1/memory/2120-62-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Microsoft Games\Chess\es-ES\Chess.exe.mui.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\lib\zi\GMT.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\ReadWrite.xht.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_zh_CN.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Windows Journal\ja-JP\Journal.exe.mui.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jdwpTransport.h.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Windows NT\Accessories\es-ES\wordpad.exe.mui.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.RunTime.Serialization.Resources.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jre7\bin\nio.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe

C:\Users\Admin\AppData\Local\Temp\b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe
"C:\Users\Admin\AppData\Local\Temp\b35b4265423de7d3540b7a6b6ab0a8853c2755199b9f5c75ce8baeb1d25ba5fc.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
60KB

MD5
f776cc96c7d077ff26060bb5f7ad06ce

SHA1
e0976f62cf83562f09783f8e1a0bce8c6fe18ca7

SHA256
b9206b7c8327cc713e53d332f548642fbc77a8042f252d821fbd95f7ae450b4f

SHA512
bb0e35685e0bf3bc42f7746c58ed8e081ce8da2151d523bd4e47af3d4257c3889cf4f8a4109777497e36934c8fc8b203f2f80b8083ae83ec86538a9d2a46ff97

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
322b560fedb31f1e48e8d9d2facb8070

SHA1
451eed91dc2b7e0a277f7d83816370c42f6b95b6

SHA256
53658a6c3433d101cb2ed7f38db8d8931d5c9086ed73e051fca32bdfd2dd4bfb

SHA512
bd468b99169281942fa1026127ad2400d56c0a0a465655ddb655a6b34e282c28fa53db0673eb846ceaf07c9e0fc0047c8b419870bd79be5bd413465ab2ddb6a4

Download Submit
memory/2120-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2120-62-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download