2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/01/2025, 22:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
Size

184KB
MD5

b19094ecf2beee214772e8e0cdb06f30
SHA1

01118418d59bd3c68e4b6d713cecc7c476dd97d4
SHA256

2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5
SHA512

133c1658f687c200fa85204fcbcf34deea098d70f4c78fd7a5245f676f66ca8540ab498ae765cd118ccca3c4ace138b3a4f765279fefb571584633c3ce97ee78
SSDEEP

3072:htEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiPV:fEyyj2yAIJbIjNDv0bNXkbvLiPV

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2693) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012282-2.dat	upx
behavioral1/files/0x0002000000010541-6.dat	upx
behavioral1/memory/2180-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-awt.xml.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belize.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7MDT.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Bougainville.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\PST8PDT.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-oql.xml.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_ja.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_zh_CN.jar.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe

C:\Users\Admin\AppData\Local\Temp\2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe
"C:\Users\Admin\AppData\Local\Temp\2e0d83498539a15085986370491efbce7b0da919a72536a5684ccf6b9d5fc9d5N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

Filesize
184KB

MD5
80bab854a23177416d34a9912b9e5e36

SHA1
7621376f5ab0a8c03e8e1735a12d565c7472018c

SHA256
40118fc1a66ce895e454c51105bb8a77990160655d254805591543f62f098ce4

SHA512
64b27525db2671d25af9a973e19508f4f5371cdf5e66a2ee9635df60de74d419d0be8e1f1e2c6ac1655370d025057e8e16c45ada5702d8246c1e77353fc8327f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
193KB

MD5
69d033b988a62570ab20e44ef9664112

SHA1
3fc8afc3026e8f5d910c3d16cf440a6d2fee53e4

SHA256
b4bb2a2888d4c41e9c92683c55f24d7dae037dc07197a28a72bf55087bf5a29d

SHA512
4e158e3f9cabac24c8a075ad170af4d876bc5ffa1911c74e4220d6ace0511b01f58589171a9ad79590c221efeb95eeedfa0b95d888de11334255c910e011930f

Download Submit
memory/2180-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2180-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download