fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09-09-2024 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
Size

57KB
MD5

3861436ed46aeae59b2591352d585d7a
SHA1

d76cd52cb8de1f1902277ed08af6812c70ff861f
SHA256

fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c
SHA512

7c026f90111c7d6fa488001072014b54f8f40449f1717be2cc34ae1e26303fe04c3cbd4744216b606778b441f3d57c93955641fe71f7752e83db06c81165ddb9
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9GRtfxligi1xrligi1xp:V7Zf/FAxTWoJJ7TofxAHXAHd

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3791) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1552-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001227f-2.dat	upx
behavioral1/files/0x0002000000010664-6.dat	upx
behavioral1/memory/1552-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_m.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\EPSIMP32.FLT.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\skchobj.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST5EDT.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\settings.js.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\slideShow.js.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-last-quarter.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FLT.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-ui.xml.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\setup.swf.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_chromecast_plugin.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\localizedStrings.js.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1257.TXT.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_zh_CN.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mouseover.png.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\rjmx.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-io.xml.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe

C:\Users\Admin\AppData\Local\Temp\fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe
"C:\Users\Admin\AppData\Local\Temp\fb92cd33504b88c0f1fe46be1f295656fa25d4e9a2d6f044f8360369f1f2c76c.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
57KB

MD5
6098ece96c55c205ce85638ca5801728

SHA1
f753dadf78a072bc2b08e2bfa988803decfb2763

SHA256
8418eb16700ba1a4890ff83f1330fe73673fb5b2bec89aa1e2ed24077e9f28f9

SHA512
fb7203006c5853698d461dd9cf09e7a783e2a1586ee52e66fbc2d98f9229f781816b207976618e43029f1e99fbb6c1f12ba07293515f7e5f2a4bccc111b5581a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
045750f160e2bd8f923a86ccd409d80d

SHA1
61d29018816a719d4c219b0c953220f3d17f03aa

SHA256
b9b066da9b96cc34bf79c25baed0bfb9c9386fcdf3c93bba14e328993bb19cdb

SHA512
4dfc726ef76eba9819208c91836412586385c27881dd62dc1a161434e507fe107ff215c5488c7576fcb3a73ff58a65ee8617529c33d29a91509854d11d22b4da

Download Submit
memory/1552-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1552-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download