f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42d

Analysis

max time kernel
120s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
Size

40KB
MD5

696f5bcaaf67f7f771e388c6b232ba60
SHA1

11a28d294cac8e01715e898a217f942f5b3fa452
SHA256

f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42d
SHA512

f78d242ce73c22cd2cd5378c3dc562d7104af5ec6d3b6592651a5814db8ccf459058f7d492a02e648b88caa1f3d6209ff49a6047fe522e53f0f874b1d313396d
SSDEEP

768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJ59ADJsPdwEbdwERKe:CTW7JJZENTNyoKIKMPdwEbdwERKmEQKe

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3460) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1660-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012117-2.dat	upx
behavioral1/files/0x0002000000010617-6.dat	upx
behavioral1/memory/1660-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Microsoft Games\Mahjong\fr-FR\Mahjong.exe.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\ConvertUnprotect.rtf.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-applemenu.xml.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.p2.ui.overridden_5.5.0.165303.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClient.resources.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-snaptracer.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\FormatInstall.ppsm.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\librotate_plugin.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\chkrzm.exe.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.util_8.1.14.v20131031.jar.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe

C:\Users\Admin\AppData\Local\Temp\f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe
"C:\Users\Admin\AppData\Local\Temp\f3e31dcb8bb766a659ccdef1aad47ac1a5b79faddb247b5a7a9afcefe360e42dN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
40KB

MD5
da17b3d57313a9a8dcd0cd398cdb856c

SHA1
1ecc2f70f6cac86c86450b7f9dcf836af0b8391f

SHA256
55be03be8829ca3357ffb3a2bed95162e2864ef6b682cd4616e68868ffa11fff

SHA512
95e5356fd3b3a839a5a60d23bc8e1da8380d15231c578f4eca3652a6183801d2a37fe4d19af4a9fa83b7576a7450819618491b0279b01cff314d07d5a34e9705

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
dca37e150ada926e30a990a0588f1c9d

SHA1
3c7d9cd9974c2ad171cec73deb70fdc6326819b4

SHA256
c8fd114474d0e79fb9653cae2f15edf6356870443e8ea39453e73b103b6afa02

SHA512
655d7e5144b84e150ded4e35bdde14f743f9a110f727d4f77d504f6667f72847db21e74e72a27f4f91430a39e44fe1eef7ee949a0fce3146244cca4cf532d0c4

Download Submit
memory/1660-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1660-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download