863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cce

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
Size

46KB
MD5

0650dd4f85e24d53173b1b639601e8c0
SHA1

7f28fe752ac71e9875a4fad62e4a3cdbf644ec9f
SHA256

863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cce
SHA512

9b3b8cff32b4b708c04810acef6a5adaa4e02d53e93717362c4cf5a788e35df749c6ea8276ed3d6dc5cd72176d7754ae711c2a03fe284ca545aaee5a528cb05b
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiQ/Gum/GutX1vqX1v3:CTW7JJ7TTQoQE

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3376) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012029-2.dat	upx
behavioral1/files/0x000400000001043d-6.dat	upx
behavioral1/memory/2364-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\or_IN\LC_MESSAGES\vlc.mo.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx264_plugin.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_f6f6f6_1x400.png.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libftp_plugin.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe

C:\Users\Admin\AppData\Local\Temp\863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe
"C:\Users\Admin\AppData\Local\Temp\863a5e28254398927879c15762319350797f9f8241dcd590305eafdbd7b79cceN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
47KB

MD5
e9c024dd1c2726380fa7e0e179d2e4ae

SHA1
17f6075cec45353a6db2a80b2e9a8db142596273

SHA256
2bd6eee892a5426151af611c5fe5e788c9d02cad896ef85430d7b1b6bbc3fb4c

SHA512
6c18dffae978162229a4f76bff4283cdad77d85f10b419812bfb2dfc644266eeeef64425bead89659874110746bdf932b0e793a4aa65aa839227aaf92080df5b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
56KB

MD5
4c386cb8639ce990790794e9df3cdec0

SHA1
f761b00096c8db06ea46d171a37b1b3381462ad3

SHA256
daa7d287fb0b3e4a6adef41e379a209de277e9a26868a32266dc1d0ec6308f4b

SHA512
e70e664ab41536952a59a5073c1fa9b69f41fb1ab4267cf24cbf032946ddb96ce12a2ffef5530fb4d8283155b74d41c18094006767cee6cdc53894184da7114d

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2364-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download