eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258df

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-10-2024 15:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
Size

55KB
MD5

c43beb69e70d83cd8eff98cbfbc530d0
SHA1

c57a9999135189e01ff35b2864d8a4a893f4f257
SHA256

eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258df
SHA512

0eee1b8d8416c563b3053b60848ab055c3c2ab31a1a1ad4b33bccbd1234a40b58be467906f156e1a61eb71662bb52f5bdaafe4ad233c582534ccbfbed95179f6
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9PoNon:V7Zf/FAxTWoJJ7TP

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (3248) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d0000000131aa-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2332-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kwajalein.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-outline.xml.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fakaofo.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dushanbe.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Puerto_Rico.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-conio-l1-1-0.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hi\LC_MESSAGES\vlc.mo.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_ja_4.4.0.v20140623020002.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-10.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgzm.exe.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\bin\decora-sse.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_preferencestyle.css.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.annotation_1.2.0.v201401042248.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe

C:\Users\Admin\AppData\Local\Temp\eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe
"C:\Users\Admin\AppData\Local\Temp\eb0c4fe937a6dc7b32bc3dcd03cdf2aa983eda179469bb141ca9dc10fb0258dfN.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

Filesize
55KB

MD5
4bcf8d1d8e81a2afe1b4bc7053f7bdcd

SHA1
1807a40a523ba426b6f7b09fe51de83d36d9eebd

SHA256
f4cfef5d0d5974ebb546182aa877c955d2f18e1dee0997bf1a2c3d5cb503931e

SHA512
0c2ce314face8e99503944a2fa62057411e1f34d01969faf2bd8d62d356b2bf5a0083fccf64806b50fe93d413d45415ed43dffc0b3bd691c61cfb395dbcf7b71

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
64KB

MD5
c776f587e497c92fef4fb7ef9a8ec602

SHA1
45f38bf6ca70ea98d5f4f2ca92784b395673aa61

SHA256
f40b4ac46cf3877adfd9e480e41a929cfbe231e0b59fd8d8c57fc15dee48e489

SHA512
bbb98e57793c3791b22b73ad08c50b47f1445e78e4b7a03a00c6eded298dd2081aedcbf61d04f1a2144dc51d821a3650d7c7508618811d8685ab2b5c6a1c12bf

Download Submit
memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2332-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download