0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356

Analysis

max time kernel
118s
max time network
17s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
06/10/2024, 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
Size

58KB
MD5

9fcbdf999a0194c94a30fd4ae09902f0
SHA1

62758f43ae7e0d25cef2bea0c51c4159350fde01
SHA256

0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356
SHA512

a301e6b4d7dea57376440ab7bdbed119a6109591272e5ccf177826e15ab2a5e3614cf8b6b9a6e510e5f4c54e4a1b90dca627932f4464b82e90f1978801886cb1
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rz:V7Zf/FAxTWbi7UhUoomo4

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3214) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2300-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00080000000120fe-2.dat	upx
behavioral1/files/0x0002000000010485-6.dat	upx
behavioral1/memory/2300-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\bin\deploy.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightItalic.ttf.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rainy_River.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-coredump.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationProvider.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-ui.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaom_plugin.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_ja_4.4.0.v20140623020002.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Srednekolymsk.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Colombo.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe

C:\Users\Admin\AppData\Local\Temp\0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
"C:\Users\Admin\AppData\Local\Temp\0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

Filesize
59KB

MD5
60e70bb26477a027216f812eebbd6ab3

SHA1
a967f59635ab0044a460fcf76ddf566722f205c1

SHA256
7b84c5ff6215e1ad61fd6e9494168ed2922c134fede23c5dd75baa24aed8f89c

SHA512
c9c1ad30901e1f16896793b47224cf8ebe3f9c254e485fe54c6ad50953e46ce33dec1eb6ddbdc3f87be61c86e9711f2adede0ce6d13b230c44f051f64575fba7

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
5cc183047d1fe8c1b95733a874f04f93

SHA1
827aa38a2b7d949999dcba5faa06cac11ae0db20

SHA256
a1393d60baf4b757e01719841e7426b49484a167eec6b819562bbc9047aa0937

SHA512
6f6ecf8b01f46270e17869083c140353a334a8c581c27a088f58f85b694807fed08a90a75fca50ae38665261b792d7b092744504003e7c2cd64264c18d192a3b

Download Submit
memory/2300-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2300-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download