d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdf

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
Size

54KB
MD5

d20e88cfcbf549c043e48b3633c7e230
SHA1

e6b18a75d4bf07317a8dde41c6464f1f33990c36
SHA256

d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdf
SHA512

7be53cd8a53e1fbbed6ad424629602de03a4b59882935d435fb43e53c557fc35d68ee9d46f1e6c0f2c40a29952ab54165e972943a4ee2799ff347bd2b55d4470
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2r9:V7Zf/FAxTWbi+

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3733) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00090000000120f9-2.dat	upx
behavioral1/files/0x000c000000010546-6.dat	upx
behavioral1/memory/2344-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\ShvlRes.dll.mui.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.nl_zh_4.4.0.v20140623020002.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\3.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\penusa.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPOlive.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_m.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroSign.prc.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-Bold.otf.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\currency.html.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_ja.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Khartoum.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libvdummy_plugin.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libprefetch_plugin.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_down.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\lib\ext\zipfs.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ja.properties.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\4.png.tmp	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe

C:\Users\Admin\AppData\Local\Temp\d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe
"C:\Users\Admin\AppData\Local\Temp\d537329a9b3c25b89f23fcddd4c3f154590078b1ff52686849cd54790af24bdfN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

Filesize
55KB

MD5
7f2261a87056cd789ee6e5ccfb9ea8e0

SHA1
bfb9ac97a5743bc002789dcbba9c699313b45e1d

SHA256
b249a963acb9684407f95d3588ddebe9386c56d4fa9fff51da0b3a69d86b682c

SHA512
f22f1e72ee7a9791ffd5c41ab5cb5e0c053a1d79f4f45c5ebea400b19aad2ec0f0517c87fab7dc21fdeb1fd0bbdcebee3f23054b423d39adac9750b82baa15d7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
8a7b590ca43e6746963a878e9bace340

SHA1
81abc7a2100d9bf95215eeaa728cd250bb9622bf

SHA256
64be974fff8553d85b46bc87f0aecf81b0921b9cdb2adc777f93824aa443e1a4

SHA512
7711ee84c316c2d04b1493d0d4b63a09ba985bfce5a665a675d443a7a0ad6361940f9324d3183336d09e0c1e49b7804b7a6adc7d9316f701c51b9a528d8af200

Download Submit
memory/2344-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2344-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download