64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
15-10-2024 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
Size

79KB
MD5

67fab0b8e95c103f478abb8ce5109120
SHA1

94042fe759dfb908c180b9f38af9cd4fc5d09526
SHA256

64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4
SHA512

4385e5869e5e1e7b44929d2ad31aaec255f840ae742e4cc544e2315846ef46466b6602e0bb1af06ccbeb3ae8891bca6ab8b2a1af5d23e50893f85078a8c6faac
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti3c7Fc7I:V7Zf/FAxTWoJJ7TTQoQmoI

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3147) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2980-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012118-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/2980-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libadummy_plugin.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\EST5.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationTypes.resources.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\EST.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-visual.jar.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST7MDT.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsBase.resources.dll.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe

C:\Users\Admin\AppData\Local\Temp\64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe
"C:\Users\Admin\AppData\Local\Temp\64056715feec20245d8c4da077a277a3424f1249489af2b6fe8de039de8a0ea4N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2980

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
79KB

MD5
56f95251490a180e323216dda804de92

SHA1
67721681fa97f5be1e01763b3901825b20cee3b5

SHA256
3cfd878cc170ceb2514a5ad94f0f032a896c05d5b9d11e6bf244852e1fcd2b95

SHA512
13ceea552aae34c53c57453060d853baba44621957c01672febc51af55a3debcd8d6a19929ea84f178bc9b62934a40f62492386f296f56e37df6776f670ed8af

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
88KB

MD5
a76265c33e8e47bbcc0bf47aa71b7e38

SHA1
6c78df4baf84c5a5bee15fc6c99897ac584042d6

SHA256
fc9c99a572978ea8f246f8db5f363dbbc127545ab1f31903df7e2aff448b3568

SHA512
4e96c42bcfe3c8db461b85de68319b521e46eb2068261f83f6f9e52d544d8625fcc2a59f5b180146cb5eccc597a22a9b9fd512618f3860439106cc8f31db297a

Download Submit
memory/2980-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2980-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download