f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137decc

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
Size

75KB
MD5

66b80f13f4fd251a7ebc9a76f812cdb0
SHA1

ac8c5bf40ec15c17d77dbdb4bdb480c230243ff0
SHA256

f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137decc
SHA512

14d65c9d3f5ac0e7c8b5359b8647662a436d921f732f1245a00d158b5254cf2d6b652f24398496ffc7bbe15268d7dc5b83049a7a7ab297d32a93f1ac2714b01b
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9ebZo6BT37CPKKdJJ1EX2:V7Zf/FAxTWoJJ7TYZogTW7JJ7TYZoR

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3182) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012263-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/2376-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_ja.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libshm_plugin.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightItalic.ttf.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.properties.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-windows.xml.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-options-keymap.xml_hidden.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libgain_plugin.dll.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe

C:\Users\Admin\AppData\Local\Temp\f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe
"C:\Users\Admin\AppData\Local\Temp\f822026ba390711dc432ab0876013de527e63183b857e09bcd6cefd6b137deccN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
75KB

MD5
01a7e664c7e5a19bcb89e3ea3bd8198e

SHA1
f33637d0d1f0152338179ca7796361107b225fd2

SHA256
175a4f14aadcb0854653d9a932197a2c5577b85bbeaff1e60633ede0a8af9526

SHA512
2335582c62cc3a762184e7cf9d0ed1c754d456698b1dfe7c4c597ca137660981b9968b231659545e1c8e2df5232ea21349229c1cfde347ab7e54325bea4568db

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
84KB

MD5
45012c1ddf41f58f00a3227b0896bbd6

SHA1
8bd1a173d2dd3b6b5b2e523ad49171daa24b5d13

SHA256
7d6a53c4e2372583e86bc95b987531ae13fbcb4fa336a5769efe788b28f1329b

SHA512
c5250f67fd4c2292ffa61e608dfd69c3239c2f5a39c393de14a2d3d54b6f65c9bcb7a9faccc7ac87ab37fa140f402de9c739da49db28c12750a5eb952732d241

Download Submit
memory/2376-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2376-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download