f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
Size

41KB
MD5

20d49eb6d359108f567e0bed3a0b1a70
SHA1

4f3d3744b1bca7e78639b2a49a52dfbeafe337a4
SHA256

f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a
SHA512

451e6cd50f0e3b19cf5a0bacbc258f83611d4d691f57aae344064d756003a736fbbc7c17e26b901183133a29c793039f0b1f37a2eecf3cc7f1ce5d6c641d179f
SSDEEP

768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeIiKxy:CTWJGpG8nIx

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3825) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2064-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\imjplm.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.sig.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\MS.JPG.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ku_IQ\LC_MESSAGES\vlc.mo.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Mail\en-US\msoeres.dll.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\spacer_highlights.png.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEOLEDB.DLL.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\settings.js.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\stop_collection_data.gif.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mousedown.png.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\EPSIMP32.FLT.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_zh_CN.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe

C:\Users\Admin\AppData\Local\Temp\f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe
"C:\Users\Admin\AppData\Local\Temp\f3b3bf364dd68899bc5ead5dfd2c211d347d129c0eb1f806f14ddf17aa38718a.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
42KB

MD5
514a370fe8d3c4903b6c7aeb1e00ebf9

SHA1
915000b896badc85bb4b318d7f5468c0efa2145d

SHA256
7e541a225575f3295071ab69d0d161535d53d97285a7000ec135840fb139ee73

SHA512
7c4cc84c357a1e273bb83e845a879c8567296b47813657126930be028fb9369d9b737ca345a368bd83ba2e48645bdcc7239cf717cddee1dbbf94f9abba9d154f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
54932430dc194244ed63ef67843d9a22

SHA1
8594a6b490e1b94bde986d2e95708049b8db59f1

SHA256
07588ec3f8574151af9bba462925beff5b983a6298a01e31b9facdf196ca6d50

SHA512
267ed79b3856ed8e76f8cd6a64a4906294965f5dc8a04b53c635399f2ed7e53919638ccde564ebf71c99aecaaa1f9ffbe04165ca5ae87267fe3bd6ab6be45872

Download Submit
memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2064-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download