f5583d8152c67c56a981fc87151c189c0ab5fb53f129cf8df8632c85c99039f9

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/09/2024, 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

923aac0ed1c6dc1ef2adbe09e76947c0N.exe
Size

40KB
MD5

923aac0ed1c6dc1ef2adbe09e76947c0
SHA1

5342b5162c5b18aab525f2c5864ff1a54f89b007
SHA256

f5583d8152c67c56a981fc87151c189c0ab5fb53f129cf8df8632c85c99039f9
SHA512

2156f0263258805e270541a7430b13a6cb93b2789810d765a33ab9e3cdbdc3d4c77529bc9b6f403cb632578dc533566bd1de93f0491b26764ad3ff71df3860fa
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti2Q8Q7:CTW7JJ7TTQoQ1f7

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2188-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012280-2.dat	upx
behavioral1/files/0x0002000000010617-6.dat	upx
behavioral1/memory/2188-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Andorra.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\common.luac.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-uisupport.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libtdummy_plugin.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_ja.jar.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sv\LC_MESSAGES\vlc.mo.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DisconnectUnlock.gif.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	923aac0ed1c6dc1ef2adbe09e76947c0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	923aac0ed1c6dc1ef2adbe09e76947c0N.exe

C:\Users\Admin\AppData\Local\Temp\923aac0ed1c6dc1ef2adbe09e76947c0N.exe
"C:\Users\Admin\AppData\Local\Temp\923aac0ed1c6dc1ef2adbe09e76947c0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
41KB

MD5
aa7191cb917cdd855b117d27cf843bb9

SHA1
4cc65d601a7790527c10076fbc9f619e08f19eb1

SHA256
d2e677538c0237beba8e85d8c8b53e2ab94fbd0d6ded5e517ac4133223124547

SHA512
70088c940bdb0d1953a32b5cc037972232716e94920aa2677089da6dc3afa44a0eea93445db6fc2289925e5413d2a691db92c43720a3774c5077683ee2f572dd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
19f7825c6e013277dc9fa7a3d9d153e4

SHA1
c933e2359c62a22972e6973409f0a02b4489223d

SHA256
352bd0a28d5e916efc32e74c4ac2db5d2ef57bf6087d87433361eedfd8c1c636

SHA512
8238f6143aa025caaa9b57d619730c2c78a2e72f54bf9b6ebce87934c3514ed96fcc9d2b7be2fbf0e748abf048deb0cc37aebc2eb756a202562742dfd2523c98

Download Submit
memory/2188-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2188-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download