bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15/09/2024, 01:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
Size

504KB
MD5

2af4d594489407714532ef1e624a96d0
SHA1

929b01525740601d532af84ca5d8687bd9cba2e9
SHA256

bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06
SHA512

cde4b646d386ca47ff83313d7c66de137292a73541f3c303a4a59fa9890cb34953857de79c456495368e0ee02e6c86766fdc582bfb9672fa96f5ab3973eb8fa8
SSDEEP

6144:KGnLtZHb6Ll5dt4VNCHW1DO7MuL6ISOKQ2:Tnh5gl6ZDovVEL

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1980) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012119-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/2552-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe

C:\Users\Admin\AppData\Local\Temp\bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe
"C:\Users\Admin\AppData\Local\Temp\bd1fcdca2ede844ce4d72c324107c1619e0864fbb8ab2169ea03a24a78831d06.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
505KB

MD5
8ffe33632bbac81c36cc7795246f9485

SHA1
e6913eebccb6a69614a3dd455264d0b5291dc1a5

SHA256
dce2a6d7de53d9cf2b0c0a723be09b8f0d40aa0309d7755a31db64cadd4a9b00

SHA512
e0430734326071b633b5790f1a7c27938048a3cad17b5ae97beac9f5089c634a2b6efcb8bd8d9398b18505c2acb1c4b0684ba89c312064235ecdd698a09de9ba

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
514KB

MD5
d6cac568bbedb069412809a944a2b9fe

SHA1
3c0de6f069c79e8da8996013f0493303fffdd111

SHA256
09e6a1c9dfc57a0c0f6fde867273bc3260268c08e0d096e83296a885c7022ca4

SHA512
4f058776cb8c6f5146d51c167fa2c84048565e080989860ff141cc7fb1c1143116ddc9dfbc5224e05409365b2a3900ac9630f7be77f0cfab24005292b73c9063

Download Submit
memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2552-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download