14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
Size

150KB
MD5

9d9d814d4f2c8496860bd8be6b8ef208
SHA1

ed729e6614dfa663976a14d4437bd83e8b295db1
SHA256

14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5
SHA512

a519402c57cae9a8b4f0e3c09ac9cee1f7e9be8a32076184f63413ed5b3af13383b525e13b3791b4038d645b9be5950e8e600031dd6b0e6064939d9b81d7c764
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx4LgL2TWn1++PJHJXA/OsIZfzc3/Q8V:fnyiQSoFcSQSoFcZQw

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3448) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2692-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012118-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/2692-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hebron.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\plugins.dat.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-attach.xml.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-loaders.xml.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Algiers.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPDMCCore.dll.mui.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\main.css.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jre7\COPYRIGHT.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-timezone-l1-1-0.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe

C:\Users\Admin\AppData\Local\Temp\14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe
"C:\Users\Admin\AppData\Local\Temp\14ae2910a00fdab7b61be8ec8097c63a3349c041940b070604a3d130c3cec4a5.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
150KB

MD5
2ef662be4c4afb49fe74f4774ad06c87

SHA1
49ca63437421057134004816a68d5ae774b46263

SHA256
793faa287b8be30ff5c0a04b48b9db1dad89bd3f81f5183446d6b479f9d09dc5

SHA512
a4c93867bf103887943dbd121374e5b9c290a2ea2aecbdb7131ff2bce8f64e2180afd431e2a750be9e4fa39c76add0ae36b1b01a6a083d1b3e9de0fb4a656f6d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
159KB

MD5
a9036d76b82642744665e0e26e3beb7a

SHA1
ab91ac2314e4b30321a81a752f0722f5d6cb1e20

SHA256
975f71561a95e38e71ae43efebf944e050fe86aaac4b79ddedda6075e8d50770

SHA512
3409b805084138694c27711f932175accc61933fcaa2c50b99eedfdbcf63eebf498991764e31f893532285035ca3e052a1fa2e3a1d2091608a6c9a2b314302d9

Download Submit
memory/2692-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2692-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download