2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
12-10-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
Size

45KB
MD5

71d2c4f10b0c489037b636b34bb839e0
SHA1

9050cec1f815b738cda6727b7ca657ad9a1010ba
SHA256

2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46
SHA512

27caa7f5e5744c834c931b37a918233e50547a8ff5d6a8ab0ff99636ded6928b6794a36e7883f78def47307ada9491b3001598e37fcf33c11b169d88b207bed4
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiJFEFuodcOZiJSQOQiJfodcOf:CTW7JJ7TTQoQPyPhehd

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3687) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2372-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-2.dat	upx
behavioral1/files/0x0005000000010479-6.dat	upx
behavioral1/memory/2372-72-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Catamarca.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hong_Kong.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-today.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_play.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\vlc.mo.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\lib\security\local_policy.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradient_plugin.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwdui.dll.mui.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Marengo.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic_5.5.0.165303.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository_1.2.100.v20131209-2144.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\PhotoAcq.dll.mui.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\splash.gif.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\rockbox_fm_presets.luac.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe

C:\Users\Admin\AppData\Local\Temp\2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe
"C:\Users\Admin\AppData\Local\Temp\2ea19290113f159463b5a50154419d4cc91a3bde3a1a525741f2f4b536048a46N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

Filesize
45KB

MD5
c62bcb50ff7a8e776c9f8c8bf7a8491b

SHA1
d2e16076070d3a2c6cd2c770ff19c22b59b0e0ae

SHA256
dba833c25be8b733917061c01c875824a04363b76822505c9a7903a56891a345

SHA512
1fd16ebe26a2d881291352d857077dd045de8872b62e8a872383ee77dabf15b77cfeb218a2a2b9eaa46cff673106330ae34e3bed00f1906b7f1da5fe13fd2c84

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
ee5152272ef2d3ef156e78cec55376ef

SHA1
f19775296702faf01b3cd863200ce265cdb0134e

SHA256
c45108c5cf51e6fcdeeea845f79a886cbf5ddaa57ae1242c6b2b889b92cc64e0

SHA512
68ef054922b2d82f380b44d5189e48c032ccd46c1a6d57e7ce6cd58dd92f483cc20e0039e2e2d9985827a76846ad1a97e55ee66a5b9b96e72cd38f085fae7894

Download Submit
memory/2372-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2372-72-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download