e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
Size

82KB
MD5

a4f0edfbc822d4dcff568a46a60b31e0
SHA1

e90706e8cfee9e0866bed60220f73c123b5d7482
SHA256

e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115
SHA512

cf60a2fcdbbda5e238d327769411a4064d00ef39fc9c2859b183aec938d07b170da955c23f10e66ae4200386645ee2d954b146b1b9d3dd08e9b9a1d1e19d75ff
SSDEEP

1536:V7Zf/FAxTWoJJ7T1+w+fTW7JJ7T1+w+1NZ:fny1cVocVh

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3089) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2452-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a00000001202a-2.dat	upx
behavioral1/files/0x000c000000010546-6.dat	upx
behavioral1/memory/2452-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IO.Log.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.policy.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javafx.policy.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nassau.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mn\LC_MESSAGES\vlc.mo.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.lnk.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\VideoLAN\VLC\npvlc.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Resources.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-options.xml.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansRegular.ttf.tmp	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe

C:\Users\Admin\AppData\Local\Temp\e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe
"C:\Users\Admin\AppData\Local\Temp\e8ccdffc23e1d38cc30ef60379c461c87aa1e9a9357dbc53486c3c30b1ad9115N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
82KB

MD5
558e271eab4c66651a422c291603f353

SHA1
f96ef8a58f1eab75c1c31ee5f34455db44c6c785

SHA256
ce1bc790f2d8ba7a38538f99174be6aec7d5335818c488e67a2922954b2bf28c

SHA512
abb32f5c21ac7f995801f46b48f2912dc2b3284a62feae509b68039336b904f1d269d7f11370d50dab7c5384b0c9c56bee533edfcd832a5d8e4bf7219cf55f9c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
91KB

MD5
424c69f61f1f6631569062ed38cd3f7d

SHA1
448673d22876e72ea76da0cd598fb58b74350a09

SHA256
d77fab0c26d3c8dcd9a1b39f578d33016566d2d254c42d3cf346beee7355c4bf

SHA512
e2d6851d567f707c60612848c06087bd3d0f2b34c1f0b205bb8df1885cbe8e1c2b6c662d20427c0ca531be2c20086807390ffd604336a5ffcf98fdbc1004df8a

Download Submit
memory/2452-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2452-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download