14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7f

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
25/09/2024, 05:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
Size

51KB
MD5

64bd22bab550990934a1337c2f63ce40
SHA1

7820e5aa50755b624b176c64309091018e677b39
SHA256

14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7f
SHA512

51bee7c999a89b89087f9f036d45ea0b90b064a05b6c6fb89274c245589f0953fd36ea2fed332174190adb0e14eefd0bfa4672fa65e77b75ccc1d56874f8c5a6
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9AiOiOkjk+XUXN:V7Zf/FAxTWoJJ7TSkjkf

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3308) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000012029-2.dat	upx
behavioral1/files/0x000400000001043d-6.dat	upx
behavioral1/memory/2364-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Vienna.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-queries_ja.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sendopts.xml.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.core_5.5.0.165303.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\content-types.properties.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Adelaide.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_dummy_plugin.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\com-sun-tools-visualvm-modules-startup.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\epl-v10.html.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe

C:\Users\Admin\AppData\Local\Temp\14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe
"C:\Users\Admin\AppData\Local\Temp\14ae646ed5042387960c97f3d5315b7105fe8b845774decefd451d4ac1da1b7fN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

Filesize
51KB

MD5
8448f20fbb6ede96c0e887ed4cadc805

SHA1
5243dcbcbc90db469a0427a770103a77f55e7f29

SHA256
05918c19d151b80e0eaf4da2777d3f36fb385e7034b1f59238a61452056cfb2b

SHA512
e9befe1a0c72353823023be104c3fec41560bad9b063ad0023a1a5a2d2546e3bc35ba9e4413bde978a143bb11b42f969ff74062a7123c3f657edac7445feec4f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
95ec31c527ef9ed960564006c4fe9868

SHA1
3fefc73a92591cd5bf623235ab82be20c9ae941b

SHA256
a9dc5f64b7ffa268aef7d63bd9604be7f842968fb48b61e91823a65d0e88c1ac

SHA512
65897930090cf99999238b2d2a2ed4a5e5e92ed97f48a4c2a86f2705d260de5c6354e14c00e8366e19d85369bbc87229d12df377a99df3c16c54e6121e2ea5b4

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2364-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download