d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebec

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
02-10-2024 01:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
Size

64KB
MD5

1e3c90b86f4ed03b8a0d597eb04368d0
SHA1

106942e85403446bf1b451c2ba2955c549d17ea9
SHA256

d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebec
SHA512

1ffd3ba4f334e74682ab3e9c99d09a6601219a6e33705cec7cf84bf0bb44f1a4f6f699449fda429184e43cff26512ebd5d36c4a0d530eb9d91cd0ba50dff5e44
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzO:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5Kw/

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3158) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2876-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0009000000012119-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2876-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Palau.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-progress.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Microsoft Games\Hearts\it-IT\Hearts.exe.mui.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sl\LC_MESSAGES\vlc.mo.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Mozilla Firefox\precomplete.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Design.Resources.dll.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UCT.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Internet Explorer\perf_nt.dll.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Nairobi.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\ReadConnect.m4v.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe

C:\Users\Admin\AppData\Local\Temp\d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe
"C:\Users\Admin\AppData\Local\Temp\d4d3755bc1614d102fe5bc0efff7d192d5083b421950a532272c259d832aebecN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
64KB

MD5
891f24f8f4be7cd0df81c8f7f4c88619

SHA1
2510f58a2584d631b5f386fca555be4d4d47c7c8

SHA256
6857f993ca4e7c68a2f7915e85c3eb80a0beddaa801fb8642a58a008a195a11c

SHA512
4b643cb8e89fa8b8eca48d70e3e2743888cf37271d5965a26fb26ae39956abc94c6f5f8983f692189a5d53811003f52635ecdc22c7e30977f019b4ba5abb0417

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
73KB

MD5
2485c902a2eda5f9ca8460a32a671c8f

SHA1
7cc63632133398119098a240f860a2566308b536

SHA256
1303d256f4d1cd98c68b3f22391f2f812a1ad0239f049d23b77c379c3d93c83b

SHA512
95f8c22ef146e8740950d434fd2caa0a476b4f2aa8539f97dba466341436e6a006a693938a61a15255e9e70f2b45e2abfeb373b08a05740193406b0307419031

Download Submit
memory/2876-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2876-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download