93e0f8da812fbd2eaa70104e5300090c8cad7cf1d58336ea08a28f10fcba15ed

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
05/09/2024, 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

580e3af0c61ed9a603bf411b5bfe4520N.exe
Size

45KB
MD5

580e3af0c61ed9a603bf411b5bfe4520
SHA1

f32bf1aa9928e61a77b20a2fc7b8cecdd4c61583
SHA256

93e0f8da812fbd2eaa70104e5300090c8cad7cf1d58336ea08a28f10fcba15ed
SHA512

7765c6923a3fc1d2b82e1564c637da2bebc28a197d58c7813c78c36ad1e1c547a599c0978ef64a1e5d976a6ac486cafbd9ce6f0f052b54953f7c359e08797523
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcKuU:V7Zf/FAxTWoJJ7TruU

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2684-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Scoresbysund.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Windows Journal\ja-JP\jnwdui.dll.mui.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\host.luac.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sampler.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaribsub_plugin.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui_5.5.0.165303.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Windows Journal\JNWDRV.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	580e3af0c61ed9a603bf411b5bfe4520N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	580e3af0c61ed9a603bf411b5bfe4520N.exe

C:\Users\Admin\AppData\Local\Temp\580e3af0c61ed9a603bf411b5bfe4520N.exe
"C:\Users\Admin\AppData\Local\Temp\580e3af0c61ed9a603bf411b5bfe4520N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
46KB

MD5
6bbefcbceee1264bcfe781db880c8637

SHA1
1bec6ad9580b66792767fc3a0b306828753b7286

SHA256
5efd5913bf73ac570699fcbe66b65db8086c7538a7a2e6c17d4dc989b3fb9eab

SHA512
419d2fd515cc00bee0c460f4cdb7709a9df4782a114a1b955471724f74c506dd5af1c8d9e28c41e3e8a61a413cf1d7f0022a0e0cd78d6c2135531fc10cc49499

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
20fc45a593d523ea86dd518c2c0326e9

SHA1
094bad03b7e6c7a53b97081c5b73e264369ede81

SHA256
441c51a616c2644745b93831242fceda383a33479c5846d6116f25d77b285466

SHA512
cd974b7edd407563c040b168d27247e4b71a9477fbdecae53e105d913c2e28556b2e3e5c3d64858dac2add86bfb89cc5e9d147cc369d375e5906d2368cda1ad8

Download Submit
memory/2684-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2684-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download