fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
Size

59KB
MD5

433333e13d19e6c7e8ae5f8a4f572340
SHA1

8d2de0295e1bcefa88529b7962eda6722af92dda
SHA256

fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933
SHA512

51cb4cba0b915970f0bc6958a4b1280f08f30a1a7e18a4bc6595d8d9441d75897e5db4d51a1b86d2b15e1e317d14076d5a8c97d111aab760ddd476d18d5fb5b3
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJTU3U2lRtJfO5mdGwmdGC6E:V7Zf/FAxTWoJJTU3UytJfO5mdGwmdG0

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3095) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2900-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000012283-2.dat	upx
behavioral1/files/0x00020000000104da-6.dat	upx
behavioral1/memory/2900-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MET.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationFramework.resources.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\Filters.xml.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\mobile.css.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baghdad.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.tmp	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe

C:\Users\Admin\AppData\Local\Temp\fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe
"C:\Users\Admin\AppData\Local\Temp\fbd7f255ee403fdeae1f3607b05076bc1c82a790bcd864b6fa57020a80f82933N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
59KB

MD5
ecfe3d7464d83961f502e6c0f83034a4

SHA1
5e411039317dfc537a68b3980377a432b59d9319

SHA256
5ce75c642d9c035eb13db3fdbae5e67b49ec056d98d18999837a6cf19ec9a5af

SHA512
20d608a0b8dbb5b884ede0b71bad9de2a4bd81288192ccf63030c04824533db3df44b8e26a17fcb1c7a60137dd2f31e915fb5e01eff5d0c24775cb570fce0f4e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
c03a884ee6148b0c6b338f99dc1fd19e

SHA1
0e437028c60d68d32d617ab825ed196c67afb533

SHA256
090eead39bbcfe192912ced135c781b3046e12074e855322768d9f73c5462bcb

SHA512
d126f6b21f0b5f62466e2728db80fe307e02cf02acfc1403fa8e5f67934b4c5e407b8b4275dac779acd6163fcc415de97708c63c436c804744845c41e9f09fc9

Download Submit
memory/2900-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2900-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download