b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18-09-2024 09:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
Size

636KB
MD5

50598053f074ac748305775d3e749650
SHA1

0c69d1a766cc72aa53a54cc0d0d19609de1b0205
SHA256

b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2
SHA512

8743943fa39affbf43018a9d58dee47805622cba3d79697f3ddc44755b1c6ef35c16c5e0e1c7f0125dba09081238f2d6a0c359ea5bfc07c282ed20c0eaa58709
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9ebZoW:V7Zf/FAxTWoJJ7TYZoW

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000012261-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/1708-66-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Adak.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\tzmappings.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.tmp	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe

C:\Users\Admin\AppData\Local\Temp\b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe
"C:\Users\Admin\AppData\Local\Temp\b62c6e0703d82e11236088ef6db4aa40bd91e1430bfd916e68a164c2c66780c2N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
636KB

MD5
e41fb08c49f66f89a4f60f7f9c5cb4cf

SHA1
f001c668371df657339b4c3a2996d51a9d7799c8

SHA256
429a0f7ccee83e438afe42619618a4b129840375710e7220bb3e6eda72e5d236

SHA512
b51070202f8ea2bbea46b5b62d4e9d868872935c309d659494dabcbf837819d1f6b0d146a6c004f3ab1e8e6c1c0c9abd06fab34006ab948ac7ba2cf1f24a8154

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
645KB

MD5
779c8fc1ef8617b6cef6734211f55e9c

SHA1
68d34f2051bc498745793e75233644e7b3daf357

SHA256
94bf15420f0172e675261b190a849a600d2ef39a44853978c46cf237029ecdb5

SHA512
12888a8e964fe47cc2937abd40e864ec2f0e966d88c97318e795253f843aada41b3bebccea378c5e59253efc4ce6fda209be76bdabb4632c55738cd8587f66dc

Download Submit
memory/1708-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1708-66-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download