3988afd21c8e6d4f6c8f4fa0c8681520323c0d388061a101bae333736bde1d74

Analysis

max time kernel
120s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-09-2024 21:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2261791e3b295184d1be43f1c438f120N.exe
Size

126KB
MD5

2261791e3b295184d1be43f1c438f120
SHA1

b9660b58bd497ebbdf8a3b7381572ce3995f0047
SHA256

3988afd21c8e6d4f6c8f4fa0c8681520323c0d388061a101bae333736bde1d74
SHA512

b3a8bc7897d72e9e7f9b7995d87bea88a24898eb13ff4d78b03ddcb2359a0c4d6c15aaadcfb4b854377068c4207d933b1fbc0cebe897f67687b5f15d68420043
SSDEEP

1536:V7Zf/FAxTWoJJTU3UytJfOKI+h/YI+h/BUuXceS4JseKeFdasaX:fny1sI+h/YI+h/BUug4Gv

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2579) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1904-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012116-2.dat	upx
behavioral1/files/0x0002000000010664-6.dat	upx
behavioral1/memory/1904-50-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-utilities.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding_1.4.2.v20140729-1044.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Grand_Turk.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\CompareResume.AAC.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_de_DE.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\attach.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.tmp	2261791e3b295184d1be43f1c438f120N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	2261791e3b295184d1be43f1c438f120N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2261791e3b295184d1be43f1c438f120N.exe

C:\Users\Admin\AppData\Local\Temp\2261791e3b295184d1be43f1c438f120N.exe
"C:\Users\Admin\AppData\Local\Temp\2261791e3b295184d1be43f1c438f120N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
126KB

MD5
86e1a5c4013e9045db1258c01322037d

SHA1
2ae85224ad442ad6c77eb838655e5e88c6e295e0

SHA256
df7ceae6e0a1c0320985aecd81d66dd7910119145205f744b2561a0cb810d4bc

SHA512
c69afd32b40e43882b5ef8561d74325ca339da3a4a9e62d7684ca56391516d627eb86d522d0d764ebfe6895fed7b0be0773e952b3ab079d7b53c0ca04528ccdb

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
135KB

MD5
e035773bcdbcdc56266b640bd8217956

SHA1
754b733fa78b5655fbca2d03251a2ed627ea6169

SHA256
5122c93fe8f332d1f620b3ed21d0c2a935f6bc963351b243bed1c1af816e4cfe

SHA512
f65519c098adcbbd75c24766d21c2f98494c19a21c4c8d0fb74bb22bf8d23192646b8dc896d76740c141cf81c1eef9c3befed4916f5cc9cb19cc4295b9d8d817

Download Submit
memory/1904-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1904-50-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download