ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
21/09/2024, 05:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
Size

59KB
MD5

28c402435c712dc6e82f573b9b8e5ab0
SHA1

45c974c1b94ad5612d146897de7eadad114ba5fb
SHA256

ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1
SHA512

27b5a1886227b14fee14d303bb05227cfc58fe2a61b2ecd876f1d3668046aad0d85b9cacd781b2296330262c6911c5b7d5b8eb77e60c2b5097be6ae576956844
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZT+JZkeZrAJZkeZrP:KQSo7Zn

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3285) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2572-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0008000000018710-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2572-75-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\EnterApprove.clr.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5EDT.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Porto_Velho.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansDemiBold.ttf.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe

C:\Users\Admin\AppData\Local\Temp\ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe
"C:\Users\Admin\AppData\Local\Temp\ae2382e4542b6bf0d8f2cf538467447ab57ea8e7513fb353ba4ce6622a70b4a1N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
59KB

MD5
fd741c17c28b6da8d829e0bf982ea2c5

SHA1
4c7a994ab848deb15973de5b46114d09a8b01120

SHA256
f1b4b737aeda4cba9bc63b337f5ff4e1a484070ef371838ff6040b758f8f879f

SHA512
28c24804e6a5f57f36cd648049e298ee5e9a0ec404ee761c19144c0f6ed395f93e0dd5c6a09de2177382e89e9ec350247cd31be698f0e472bbbc4ee34c330cfd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
d4f55c0990ca3828dd97577479b3847d

SHA1
366e42c378c6d23127c0164517efcfd72c8a1503

SHA256
fe18e2e1804c6342829dcc4226b8e14600da3f48820bed093c58ed117b6ce50d

SHA512
3b433626952626f4a434c17050a512d50eb50b43db42b5cc0e3ad17344479653fdbd6434cd490611f486d42176a641579ea26269f8175f4be629e2406f9dd985

Download Submit
memory/2572-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2572-75-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download