5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef

Analysis

max time kernel
146s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 02:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
Size

68KB
MD5

eaf9a01ca02c980f45eb3ff7cccbe171
SHA1

c8aff2148c2edc2285b575eea9def2d823d4a690
SHA256

5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef
SHA512

8c6648b9fd766e64d27c2c88b8428f15cce0e54d1bf5031f4b53db26bd1372253cac000ed76ce5ea68a367e5ab08a23e17d7abb08ec7fe619209577356b71859
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5RWxh76b:KQSox5b

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3457) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d0000000122e4-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/2344-69-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\gadget.xml.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Mail\oeimport.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\clock.js.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jre7\bin\glass.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\picturePuzzle.html.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg_orange.png.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe.tmp	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe

C:\Users\Admin\AppData\Local\Temp\5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe
"C:\Users\Admin\AppData\Local\Temp\5ff5c7ab230279ccab65b962a26a21ebe4077dcc1dddd528e8ad3298851cbaef.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
68KB

MD5
47d2e8a8c0297c627fc34fb8201e7627

SHA1
2a2d0e0d71d135770ca3fc236bd4decd9495cf0d

SHA256
6426994bb14e9c259d9a866020a4d9c7ccf6bab799b39664befdd2a351d143cd

SHA512
c439b774362664444f3c6bacbd42ed0b74a3f1d5873f2844db403414e57270bd5fa21f6af2d352a1e2f89c4556b2be1079da3b385bbd96b668aac39a150fb071

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
e02a1fbfc0c89aa19ee4615a253e0b54

SHA1
c2474ab5d2c0805340a3eb8daea43039a96c460d

SHA256
6f65d8b7d5790785d6b6b71f44176b6e0bd1e4eb6389673ea348122c895cf485

SHA512
01e661a3ed939752fb771f847d0a09276d4ac0332c19fa8aeab976c2742ba858824aada25adabfbddd64ded7ad0466923f01008f957ce7c5a93f5538c2e5cbd6

Download Submit
memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2344-69-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download