9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05/10/2024, 06:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
Size

67KB
MD5

c7173702fb56e61313c604a592262320
SHA1

edab844a6e76be4bfa896a94634c9bc098072936
SHA256

9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2
SHA512

e433773165ec49efb47a68eeeff5baf399767cf56e06f565cb99f9bd750bf6b60ef790befa3c9aa4f07296b8e120be3ba2621423fa57911267b5553815fff4ce
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzM:CTWn1++PJHJXA/OsIZfzc3/Q8zxY57

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2376-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012263-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/2376-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.Design.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\El_Salvador.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Net.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_zh_4.4.0.v20140623020002.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_http_plugin.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Tirane.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_ja_4.4.0.v20140623020002.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_ja.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe

C:\Users\Admin\AppData\Local\Temp\9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe
"C:\Users\Admin\AppData\Local\Temp\9d13ecc5b70f7c39dab8795830b83e86dc467ef403bdf6b6e2c040ee04d2bef2N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
68KB

MD5
0c4fabdd247467ae66667c096cf38321

SHA1
cd9c973995becbd6ab1c70c4038dd0a46284128b

SHA256
7471520fcfb2af42b660dc86b9d7edab43e986feb5486a7abf409211c4ec1ea4

SHA512
829a648295b5b2fbbad56a6577a92390c0f5f141c620358d0a6e1882f743f2c61ad1da35c6d0bb37bb4659fe3ab7ac78f96caeafe43be225cccfc7753cdd03d8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
fa9589b78020912038d5c80e3b26d8f3

SHA1
3c086f9e2c4ed8d2a5817243d4d2e04bebea30f4

SHA256
27a56c52e5afff79e404abec67795332a83fa54c0e5ec5aa2c7092b97dc0b2e0

SHA512
c7ced61cb25bf9fcb0e048ea8a3b2bacb2e30a82cb76b55f8ff1859ec79f2c3784c4b2708f1e12531dbabf19d74e39a5e00e019c52427076eb86131ef9ac35ae

Download Submit
memory/2376-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2376-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download