77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/09/2024, 23:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
Size

50KB
MD5

3cd6bbf1df11615bd01a857c3bd1afb5
SHA1

46e30569e4a3973bbccf16ecd3509f6fdfa8b787
SHA256

77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22
SHA512

68d2c63c70d9df1adec48f2fb887c30bb52336fbbcee6bab22f798911bf6a9583718840c6e142038b406c439cc532852cc0bdc44c3339cd1631bd422532a8967
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9mkLhi:V7Zf/FAxTWoJJ7THhi

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3461) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a0000000120d5-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/3032-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.lnk.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libgnutls_plugin.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\trad_m.png.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.Design.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libtextst_plugin.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_ja.jar.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglwin32_plugin.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\css\calendar.css.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\gadget.xml.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-execution.xml_hidden.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe

C:\Users\Admin\AppData\Local\Temp\77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe
"C:\Users\Admin\AppData\Local\Temp\77dea5284ac0307dc797bc7a0b5648a0fb751b96453387174a620a19621f6e22.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:3032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
51KB

MD5
0ace72770ecbd57deceda2e834e4a560

SHA1
b0608dfef22418e9356b98fe23b07772453880d8

SHA256
6faeb71268b28b1588b308f84d7eaadd81e3aebdf7a5314a7df6fd14b06acc71

SHA512
46db8646b85a30b864fa26afcd038d0cdb4759e4aa56f344d5f7f6c3a10c86fb89e82a86bb4e35d75c239df67b653054efb3c5c761e36cb29b3adf9b5ca89f89

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
22e6d358bd44d7ab111106a439db783b

SHA1
301a61297979cf4b3b100293846e2bd37986d137

SHA256
382389bbb52e8e5c2f20399f3510821510f98ec20d52139e2f4fd59d05773776

SHA512
107fd11c6e141a8051f0bf413846300ee9eec95c10c108215193d2104d29441734113d0ba56126fe3e6658ab6114a76061030a994f4da4eaf7caca82eec8734d

Download Submit
memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3032-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download