ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9

Analysis

max time kernel
120s
max time network
21s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 03:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
Size

39KB
MD5

e4b8c5d772cf72bb145465ac7543a650
SHA1

2ac4e669c6f891cac42e02b1cfe9aa8ce68d190e
SHA256

ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9
SHA512

1a5629b9db27905ee338677d6c3211bb286f86279645c6b1882e78827eaee667318b3cc515ac9a12eb858bf3fad8baf265409afb802f553faa291612559261d8
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tijLeoVERZLeoVERh:CTW7JJ7TTQoQ4Wh

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3262) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012119-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/2104-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\WindowsAccessBridge-64.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Los_Angeles.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Troll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Pangnirtung.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Honolulu.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Riga.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Sydney.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+10.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Design.Resources.dll.tmp	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe

C:\Users\Admin\AppData\Local\Temp\ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe
"C:\Users\Admin\AppData\Local\Temp\ae6405cbba8210206821980ba9199609dbb149dbaf78266a99eb02d95c87cce9N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
40KB

MD5
a457285747a7cc78fc17673ab7d6539f

SHA1
2baf09129e1db6fea1f98d61a1276747d7d9a16e

SHA256
9bd792f8d83b5278d243cf41ff32a2e325ced6b15950640c32efbe8aaddbfbbb

SHA512
8054fb67ca12551a1e90b11192e1af3b9b6275ba66405c5341026bdc532f7579693e23be1406f6a26418fa9816c69f2a930a2a097c2fe942cca8e2807542284b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
7dd77a2413a9865b6f290d36b6e91fb7

SHA1
0129f1146417e88b287c941ca3a4ca119769a305

SHA256
8a6176f8366c113c9412e6c88961e91cf64c4a06689a18ebff1ccb42c33bfb5b

SHA512
565e655ac4068821f4512b3a90f7be5ca0f7d31f69ba61de1ecbd366f335dcfd211fedcbf1aa3adc2ad85b4fdd4a9de1cbb1ac9e2bfbea7295dac8e364c4cfcf

Download Submit
memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2104-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download