b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
02/09/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
Size

120KB
MD5

0264d9648f481055329e2f4d99e68e7a
SHA1

333fe3620b0335c8a796d9e5bc0d50b8e8325dd1
SHA256

b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f
SHA512

5bcea47bfe0cf2a666f75e6f71942d553e338f73b8f272fcc31e995f674f5f20b9f3f2ceb829bc5ea3f80844d781704e3673345c63634ee58934c6c308504bad
SSDEEP

1536:V7Zf/FAxTWgGpG8n2ryruqjTWJGpG8n2ryruqo:fnyKp3nAqXp3nAqo

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3476) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0003000000010330-6.dat	upx
behavioral1/files/0x00080000000120fc-2.dat	upx
behavioral1/memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/3000-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Mozilla Firefox\libEGL.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_h.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\core_visualvm.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter_partly-cloudy.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\js\init.js.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_ja_4.4.0.v20140623020002.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-templates_ja.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libsapi_plugin.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_m.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_windy.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libfile_logger_plugin.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Defender\MsMpLics.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\30.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\shuffle_up.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe

C:\Users\Admin\AppData\Local\Temp\b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe
"C:\Users\Admin\AppData\Local\Temp\b42b0621f8123aca9b9430ba501de1d1074346788a95c9f270ec7db63cc5e75f.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

Filesize
120KB

MD5
9a8674775c6efad78a061df95256b5ab

SHA1
3065f033b096bfef9d60bdb942d5e0f6e7552a16

SHA256
d851eacb7140105dae964f112b84c1c60b3d48731716ccd09c1c2c70417b1a8c

SHA512
ad4a87b1f9f44b5b8176765fddaa094389d2f0604f3fe5bf7e30aef6417e400b3e449a9fd0a0ad8ad142ae836d32101354b769fff39b20ede3d1b9deca5c227f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
129KB

MD5
6a2150519b860926208931e6d25ae0d4

SHA1
4578cb42272aed29a1e81e63442ebb180ba8aeb5

SHA256
947d85448eb030d52953d3d99faec6a1feb695437007343c4cda22cdb15c1beb

SHA512
b9c032ac2405bbe81686b53bce0b69ae88237733015b055f91da1d07c1524edcd04181048bbc2c8b9fd4b248d36d7fb8355555211c04f93dbd2b053634d3a4d8

Download Submit
memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3000-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download