0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/09/2024, 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
Size

54KB
MD5

9ca7aa1cd3879d4b87fb52ecffec0b71
SHA1

fd6b5347d977a1597f144275fd2b6c72d6df78d4
SHA256

0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15
SHA512

c5a52fefd43df0f8228e7673a00cacfc124bd5c4658801618dfe21eb3c011464999ce29ac799493799716fed5a3830a5058fde50f9119d4770fba6a7b77458b0
SSDEEP

1536:V7Zf/FAxTWoJJ7TfUWWUbUgUgUhUWUbUgUgUhUWrCgmD:fny1jUWWgLLUhUWgLLUhUWRm

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3739) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1672-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b0000000122ea-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/1672-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fi\LC_MESSAGES\vlc.mo.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\eclipse_1655.dll.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\settings.html.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\gadget.xml.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwdui.dll.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Journal\Templates\Shorthand.jtp.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\LanguageNames2\DisplayLanguageNames.en_US_POSIX.txt.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\4.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\reviews_sent.gif.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)greenStateIcon.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_rainy.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Media Player\WMPSideShowGadget.exe.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_settings.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\33.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffd27a_256x240.png.tmp	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe

C:\Users\Admin\AppData\Local\Temp\0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe
"C:\Users\Admin\AppData\Local\Temp\0b8cda682b56ac2b0f9366ce4fd24129baa90a49568652d6871a3283d60dbf15.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
55KB

MD5
236dc97051642c5a134d51a6b7937639

SHA1
e6d276bf908c8559efe8a3af7fb459b44bb56937

SHA256
9c876a82783140a4562de6b89545d1696a717aaf6de81d20767c110df553f949

SHA512
7c3dc6f73dcf17aafceece5782f4fc22bc787e0c3a25f592086fc294dda46bd78635534f663fe8d4137b100ac936b002ae66a04a124e9b3ee5d036ab62179ae4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
5fe8250290f6952907608b2f4d5c7a32

SHA1
2159a063d4247f9a53500b8318cefdcff3ebb74f

SHA256
0ecfead3c344b161280befdf0928623004b08be67f62ca95ca705e0f174370dd

SHA512
e9a6bb8b023d978e2bcf69f9a97ae2aec65c3b7eb5f49d97acfd842515dd552838c5a35f087b2f8fade4e456e89b5a74242d5d8041f73216accb64744530c506

Download Submit
memory/1672-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1672-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download