ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503d

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-09-2024 07:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
Size

55KB
MD5

72f0f3ab0480e2968955674c099bb420
SHA1

3c6ebd8d81fcd826c6a27fd582a1375a00e9413d
SHA256

ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503d
SHA512

18117d1a10e8b76442b27e078a4aea556980489b0ec9b691198a844260a926e8905e2906dfe054fa7d4dad57c5dd07357b108dae65be854b1840b66fe918db60
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Dr5TG:V7Zf/FAxTWoJJ7TVr9G

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3209) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2748-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-2.dat	upx
behavioral1/files/0x000400000001043d-6.dat	upx
behavioral1/memory/2748-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\hprof.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationProvider.resources.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\vlc.mo.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Shanghai.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\desktop.ini.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lt\LC_MESSAGES\vlc.mo.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ko.properties.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jre7\lib\meta-index.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe

C:\Users\Admin\AppData\Local\Temp\ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe
"C:\Users\Admin\AppData\Local\Temp\ef5d3ce7b07c492bc8b5208de9c72d4c48b8ea70599760177132dbfe4ad7503dN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
56KB

MD5
4a61d52a187442f4c8e6ffccc46c2c63

SHA1
7fafa878433c88920fba2c8a2f080406f6f8137f

SHA256
6844570684466434c2daf2dcec992959554d1885416502231fa861559e85e4ce

SHA512
71dcbc5213ddc5c7ed738751a8a171ad8f55f242529c0c0b244423f139a001226c6a49d9ec54ec7c90c9b0e560e5a1f6e61dbcf745b59c35dea37bc05cd40475

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
59f4d434ead7063c1276bb7b184c00fd

SHA1
5800ce16f7cf994b4b923cba3f1229a474244109

SHA256
12ee78f4554c2bb06475d205d34244703464c100a8efb351c5a65c48226886f0

SHA512
af098d99a065e550f0add23625bbeb40db62218f5e651b5665cd0146cf0d559d826411846cff1835bdee4532fc51a035bb589169379c76964bab97e7c7e02e23

Download Submit
memory/2748-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2748-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download