6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2b

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
Size

25KB
MD5

b046c2b0869b17d855062e0a6f0392a0
SHA1

bef96b677c2dc0a25099e074a9af7a3a44c336fc
SHA256

6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2b
SHA512

df819ccf578f77eba244c11dfc2c924915f8564bfccc4918ac172902cbd04de9fbd42ef3cfe38c5edcc21856bc0b032372d81333be291551d584e3d827668cd6
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9T6u77:kBT37CPKKdJJ1EXBwzEXBwdcMcI9p77

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3450) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2684-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2684-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Windows Mail\fr-FR\WinMail.exe.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox_1.0.500.v20131211-1531.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Windows Media Player\en-US\wmlaunch.exe.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui_5.5.0.165303.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_ring_docked.png.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\gadget.xml.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\librist_plugin.dll.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_ja.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.zh_CN_5.5.0.165303.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe

C:\Users\Admin\AppData\Local\Temp\6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe
"C:\Users\Admin\AppData\Local\Temp\6fdeecbe4a703ae8c9ba0187ffebd7a55ade89cca8d5c251d845ac32900dec2bN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
25KB

MD5
42777a4a6036277fc093c04b62b463d8

SHA1
0e141bf5f4b133480d7365054828fde36308d1e6

SHA256
01e8a2b97dda58e377af861fe9534d1fe8d3f7da25c9e9e6f20e30672f88b051

SHA512
66f6fa11dd8b4ca6e5f3085b555c3641103b6595a4f6edda16c02ce6ce2a0322ca9911cfb767470aa537285b3b209e5f2f31bbc2f60aa35b0b293f5d999ed237

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
34KB

MD5
2e8391d171f93546e295dc6b76a73f49

SHA1
7f1de3d217d6b35254012d891c1e1d7469962e37

SHA256
a0ebda9a36d27b3c254e8727f655877f8140969f696d1f5ab4fec1e144fdc438

SHA512
e6a63f9bd3fd7972186c8b566b2d976999b7723a1a649e94ba1310a69df375d13c91eafaa1d9ff090e29ab59962f7f01c7fd9e6863543f473b1c10730f71dd64

Download Submit
memory/2684-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2684-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download