31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
Size

66KB
MD5

8ff6a17f4a0358d15d8cf473f732e141
SHA1

ba17bd835752cf291a3c371c84ed8a3f69bed55c
SHA256

31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7
SHA512

9a32c37d2f1f18c4083330109d4f64091fc62fae1bdd747512c1be43e075dfdbb2bf7fe653a11d4c8170604bd0e9422cfa572281e7744e6db1c4e23f51061ee4
SSDEEP

1536:V7Zf/FAxTWoJJZENTNyl2Sm0mKuC1TC1q:fny1tE42Ej

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3564) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2096-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000700000001211a-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/2096-64-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Rothera.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\settings.css.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\Tulip.jpg.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\currency.js.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_left_pressed.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\bin\instrument.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\js\RSSFeeds.js.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe

C:\Users\Admin\AppData\Local\Temp\31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe
"C:\Users\Admin\AppData\Local\Temp\31be9a01c6da5324b9900959c1e2d951f1f1dbab7417836c40f38f163ef89ac7.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
66KB

MD5
5b025f24a74aa38574ce82e69858418e

SHA1
6bbeb9f12eca848f0370c611b5b0dad2eff12c52

SHA256
5b27db089f11d6a25be278b9d16639f1c1efe19363619bafc83b1bc40e6b7d0d

SHA512
ce84cf4ddbb69ef05234d13f6820070e32f91db2a82beb0e1445819dead756b7ff86d776e0431c5257126dd4f05711a44d56aed60f47efd735d27903a170bd31

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
c3588fe80d29dd7be59fe9690e669e63

SHA1
14c5384828729535b02723e624b72a59797bb33d

SHA256
b3c550b6cab7227f08979cc0cb6026e59ae5a54811cf89b2553336b58a3cd098

SHA512
93d16e2c74d1e4342eceb19265857135c7530f106108ea7f1a31df953a17ae5f9df660ff30e5019bd4c93237410eb529e8af011e9bab43ba82b8683993df7e58

Download Submit
memory/2096-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2096-64-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download