7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
Size

49KB
MD5

c43beed26a159e9830570c8efdc01be0
SHA1

61697d26b485785729d80ae1830f80926bac26df
SHA256

7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07
SHA512

02c07be24842215e757cab6eeebca17e92d78dc8dcd36885dbe4b9cd35389360dee8033037d012a53c65be7493aafa505413142bc902bb6b6790b6374ccbd595
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9UwFVmVy:V7Zf/FAxTWoJJ7TiwFQs

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3883) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a0000000122ea-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/2224-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wake.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\AcroRead.msi.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ndjamena.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libskiptags_plugin.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_Off.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\GetStep.mpeg.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceDaYi.txt.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEEXCL.DLL.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_s.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Mail\ja-JP\WinMail.exe.mui.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_ja_4.4.0.v20140623020002.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_rtp_plugin.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_ja.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libtransform_plugin.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\create_form.gif.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc-48.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\br.gif.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe

C:\Users\Admin\AppData\Local\Temp\7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe
"C:\Users\Admin\AppData\Local\Temp\7e474bcaeb24584b51ae8c8cd5526bf11e84cf406598c4f2dafdb1aa705bcc07N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
50KB

MD5
2a1cc2ea4767a986dcc67fce2b839269

SHA1
784569acfdedc2ba85d3da22659c5817dbb3cb5d

SHA256
101d90ce7c74031cf7e42bc3c3896124c421026d32dd77659512191905c675c5

SHA512
622aa3045aa883616c2a7fb3cc904eb61ab0468547d710830b99d70a725c7352550e9a8429207f6e237c0873094b29d1aee3c7737a1b7b192791310aa8565fe8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
cc2ffa429df1b159f802fe94c9de467c

SHA1
370e0062e38288c956a959a8c4d4678a96c374df

SHA256
3de26331bbf485af4a2a1086a59e913e4764a7d5cf291e7c9d0fd25e4187ca9e

SHA512
f7ee9d3a17302cc95a08fd87cadfd9eb9e8f17577c02886e51d9e561b3c313a43c4e7d02d787d869ec2977198fc9f70b9d11a28e54e6b85f053dbb869ed15759

Download Submit
memory/2224-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2224-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download