4b16a20d2c2fca0956598f598af6232ccd683d8b94cc1e1032ba7c2e3bb4ace6

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
06-09-2024 15:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0412402c15e068cb92e31bfb109c2a10N.exe
Size

62KB
MD5

0412402c15e068cb92e31bfb109c2a10
SHA1

1bc9473a1f4137dcc93f738187cf11d0b2ab3b51
SHA256

4b16a20d2c2fca0956598f598af6232ccd683d8b94cc1e1032ba7c2e3bb4ace6
SHA512

fb95ea45cc140212f2ade7db3a238d7161a6baedbf697cda9f8390038e4f398d3db5329e4fc701eac288571a37d41b8083d5f00645e8ef565b24fb1ba5cdd09c
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJ1:V7Zf/FAxTWoJJZENTNyoKIKMuBaqBaj

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3149) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012286-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/1660-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\soundcloud.luac.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\es-ES\Mahjong.exe.mui.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\ExpandEnter.search-ms.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	0412402c15e068cb92e31bfb109c2a10N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	0412402c15e068cb92e31bfb109c2a10N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0412402c15e068cb92e31bfb109c2a10N.exe

C:\Users\Admin\AppData\Local\Temp\0412402c15e068cb92e31bfb109c2a10N.exe
"C:\Users\Admin\AppData\Local\Temp\0412402c15e068cb92e31bfb109c2a10N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
62KB

MD5
d791c2881edef22df5c4dd19314fcb4a

SHA1
c1197edbe2b54de90cccc9902ee9cf80d1cd8bf1

SHA256
d1a4088d0af506f84d3000e3d04cee696f4e311720b02bbe954e64bb713e3ec5

SHA512
6f4b8226e366e48b19d1cd8d95aa5048aaf9bd032c59b72e7709fb51379957f12b35cc6da52770a97a9353aa0fe8a82d760347cd6d263f55448f38ad7eaa4713

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
6d3bc042157e6c283d2ecfd2537bae27

SHA1
8e7c29d03dff0332b1b4e32f7a41c5f6b4f68abf

SHA256
875602048203dbc9eebafa1b18c0977726722a53e99b311d839d795eda94cfbf

SHA512
e1a131ac40fecfb11bea390056763c4aa7acdfab241e532eb28bc5ddba459c903a20eff903905f4d8616ffe2d24f246138b23f890e00dc3314670daa61e06c79

Download Submit
memory/1660-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1660-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download