b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3c

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
30/09/2024, 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
Size

53KB
MD5

8b86c2a4e574351fc76dd3048902bb60
SHA1

51ef262bede951fa5290bb9d897a6d71eea1771d
SHA256

b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3c
SHA512

5ed35c5041afe3b35df453f8207b92be5ce21caae12e8a2f59aa565ea713e511c4fc274b69498b055f2db3e25c27e295ec29adc1f3ff122cbfe7149e9263f37a
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEC:V7Zf/FAxTWoJJ7TUB

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3165) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2916-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b0000000122cf-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2916-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\lib\classlist.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.VisualBasic.Targets.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClientsideProviders.resources.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_ja.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui_5.5.0.165303.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_ja_4.4.0.v20140623020002.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Services.resources.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\bin\sunec.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\02_frenchtv.luac.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-explorer.xml.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe

C:\Users\Admin\AppData\Local\Temp\b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe
"C:\Users\Admin\AppData\Local\Temp\b83fb9be40be918997c966e05d73792569ac0963701faef0659d97e935977b3cN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
53KB

MD5
a44f58932c3e7134e37a8233e14ed032

SHA1
7a2fbdae40dd88495db238f66d032e7889ad0bcb

SHA256
a51b7d6054e2d5fbe19213196b3645b09f7b87cf9ee60dfe62f797622dc10433

SHA512
cea081cf0656d6dd022f8ecb920ca64f4c49f0f65fbf6e0cb68ede56c414a1248de44e6fcdd595ad08aa52e82912ec21f8a65a695243fcafa4646f266c904135

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
258c23314d1c87ebb02b7a73aa1da561

SHA1
bbd5b141ca9dabfe5fb8ca226e0668aab3953933

SHA256
49d93fe466aff6f50309e398e10a440a64a4055d5cb9462e90aaaab27c51a2f0

SHA512
31df00f6a4914e5dc93e249c3c19d3317b644ff8352079de2bc57ea627f9e932fd7d12e74ac38db0f362aaeae9a8a20a90deadd755fcc94844a051621aad4eae

Download Submit
memory/2916-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2916-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download