b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-09-2024 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
Size

81KB
MD5

3837c74ecdcdca54d182b17aa48a0d19
SHA1

a655eb7b01e4454dc356cc03a3f3161b1e3246e0
SHA256

b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe
SHA512

8e954c90aec62be35cd7b9cdd749e8a3c4c1b626f2e16e6fb00e19e0c8720beab922ba9fef501ed634e07d3b84e9ade821e9dac78dc0f07ada8c1977a2bddb83
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9B6r7BT37CPKKdJJ1EXB2:V7Zf/FAxTWoJJ7TOtTW7JJ7TOF+C+r

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1868-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001226a-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/1868-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Glace_Bay.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_ja_4.4.0.v20140623020002.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Davis.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Windows Journal\NBMapTIP.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-oql.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPSideShowGadget.exe.mui.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Mozilla Firefox\qipcap64.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\7.png.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fa\LC_MESSAGES\vlc.mo.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe

C:\Users\Admin\AppData\Local\Temp\b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe
"C:\Users\Admin\AppData\Local\Temp\b93273c3aa8b3a779fe53baf1edbfa35d6aebf23c28a787219d364eaa33f3abe.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
81KB

MD5
f6e5843e3cb6dd1ff53f660ff1905c14

SHA1
12bf156c8cb0f0f4550b1b41b119085b59cc6100

SHA256
dab58a73c688d0c378e0a2645886a1c1f6d73804bb5bf524f9085e028d984fbf

SHA512
9100965d7d65d63c448494e86743973500269861d13cb6fa2f85e5eeeaa7ef52554ae103412b0c430620c16ff302ad7c3f746e94cdf1201bc634a19090ff8f92

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
fea91013fda14c22f27a84d7e77a6d82

SHA1
88da366c21ef0d3fd1282f44b7f11a1c4ef8278d

SHA256
f7aad11b7e29dd7dd6b4c32d346728ddfcc6fdd3cadc48d9dcfd4ceec4b1ec3e

SHA512
92a5dcae13a66d6a60500e051cdd6d79f9ed27bf406b3fc241329b7eb1ef1ce67a831311db5eb77171c8c54acd1c4e1b1b7dda922d9a89c674ad97e2e357b7cf

Download Submit
memory/1868-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1868-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download