7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/10/2024, 23:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
Size

52KB
MD5

9f8da5c42a7ca04061653ecfea1237ad
SHA1

3c50e18d42429fad1c9953c6ae7dc49d294e7a49
SHA256

7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4
SHA512

8bae66a085326d96fb552b9f450d184b8c01b858f17e5b456db879e3f3a38b85b1a3842084b771eddb47feda58c8bea50b6f0848260b54206d4c25d155845eba
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJf8:V7Zf/FAxTWoJJ7T4ML

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3753) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000012266-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/2080-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\SkipResolve.3gp2.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_zh_4.4.0.v20140623020002.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ps_plugin.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_sse2_plugin.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\pdf.gif.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\mip.exe.mui.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Midway.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+8.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.HLP.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\LC_MESSAGES\vlc.mo.tmp	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe

C:\Users\Admin\AppData\Local\Temp\7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe
"C:\Users\Admin\AppData\Local\Temp\7750b8a05d7be175668b1c2bec7c24554c7a9f813e67af964d038643ae819ca4.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
52KB

MD5
fc298941132bbf308486eba1102ab5f9

SHA1
619d9bb9c11d27c99ac962b33247399e3aca5f6d

SHA256
a508a186a83e31f6154b6c21d3f6c005d05d7ea706bd31c3c82e66ea67b169a6

SHA512
4ede32f134f97b3466a317d1cce37b88c5233e541c9d7ce65aa723c79ed1c2becd2ec8fb3b1fd1fa6e2ae6c048071a90f5c0afd676f580069940a537fc09f880

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
3ba28d6c3374c28a4841c94621222ee2

SHA1
ec716dbbcde48bafdb15ce8c838c5d6ebf0d94cd

SHA256
1c31bb73cc3053b953a02018ef381c22353d2de508dcda25a2566387eff19db6

SHA512
93957699d0ac1f0de1ffb095150e7ec2573ae7131840326368efef67310681a81178d3ca46eef66c2a1f13a158aa1307476fd1305ea1d713070fa8f62e4b9b13

Download Submit
memory/2080-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2080-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download