7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 21:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
Size

360KB
MD5

c226c1bedb6312d12c18297a8175b90d
SHA1

9dbc5557ecf9d601d853746d49fe7468866f5e73
SHA256

7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e
SHA512

54135bace81be205168bb7db03550aafe15849da453f5dece406a2fc3f4bf7ce5be49f9b5da5684ea051e4b1643c2b05dc7136fa3d0be4d552264a046f390a10
SSDEEP

6144:KbEyyj2yAIJAEyyj2yAIJDyIjNDv0bNXkbvL19iMGsSaOyi3:WyAU8yAUDyIZGNXkbvL19iMGsSaOyi3

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2080) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1696-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c0000000122e4-2.dat	upx
behavioral1/files/0x000200000001067f-6.dat	upx
behavioral1/memory/1696-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Monticello.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jmx.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-io.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.event_1.3.100.v20140115-1647.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_ja.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\epl-v10.html.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\help.gif.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-remote.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
File created	C:\Program Files\Java\jre7\bin\JavaAccessBridge-64.dll.tmp	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe

C:\Users\Admin\AppData\Local\Temp\7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe
"C:\Users\Admin\AppData\Local\Temp\7a58f5e350735f2d7dc744ee1cbe66ed7ddf87ee06cb5bc0e563f39bdf56fd4e.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

Filesize
361KB

MD5
4ba57c2042bd58f795bd7a049b0895b4

SHA1
5330bc47628eff8970fad6ef286c5df6450852a9

SHA256
6810f59108e744b552d12416b844675b79315573a642c789b5bdba09970ce5ec

SHA512
a9904c438940b0fed9f4eb7ab61987eade8309d2d5866f14313c846dd54d74a04dea20da4df63eee98d6f2240f80aba285dcf4b1b310886d8a4ba2ca71606373

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
370KB

MD5
c96d067a4aa97b49f6ea69bd84e77351

SHA1
d49bc3c211447e1405e6ced5ed72118e6e1fac9a

SHA256
1abf1951f82e70b662fd0b572bf529cba34571d9092e5dc7530a0aeaea89860b

SHA512
cffc069cad923eda785440b1ee7735f232997f1c92033047bb4c692595ca1b23f6211df06aa03982b14aa3cd07c42711c4f3ef9cafcd03870f29067998965a32

Download Submit
memory/1696-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1696-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download