c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
Size

388KB
MD5

f1f77d7e7bb726ba4f847d5b6fbf91e0
SHA1

5926e6a7f73d3d1bd1643c7b6bf4196fe29de157
SHA256

c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310
SHA512

c6204ecdc5ef8b1fcc835975b45e53cfaec527e56758bbd26813da77e9a367adc34fac1ab062a465bcb84640a0e73497b189cd58747bcd1baa53bdeb1533b389
SSDEEP

6144:KbEyyj2yAIJbIjNDv0bNXkbvLiPOEyyj2yAIJbIjNDv0bNXkbvLiPR:WyAUbIZGNXkbvLLyAUbIZGNXkbvLK

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1927) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0002000000010664-6.dat	upx
behavioral1/files/0x000e0000000162b2-2.dat	upx
behavioral1/memory/2956-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/memory/2956-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunec.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.common_3.6.200.v20130402-1505.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mac.css.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmid.exe.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_winxp.css.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe

C:\Users\Admin\AppData\Local\Temp\c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe
"C:\Users\Admin\AppData\Local\Temp\c119aca718ef0ce2df42ac829ef50953b741c46856d9cb32693ce6ad7b64e310N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

Filesize
389KB

MD5
e535ac7139b3a806fc62f02077810228

SHA1
6f1e57488f7a0a8b4027d8e5526bcd53be271ac7

SHA256
25dfe377554fb801de7e2d7c74ed36f718d800721904a1f2ab0402252a41a70d

SHA512
7bf0afd5902e35f13ec69c3b8529a14945b03ebb308283509e8e2c4053dfc3182073e58316a4a92a9d22d7f1b651211f07ae3d682421ac56c86232559b169b9f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
398KB

MD5
7f2fc91ee6e22f689d15782521603dc6

SHA1
b9fc7c694e185e33460a7b3bbe0695d4bbdfdcd3

SHA256
d2ecaae5884ec515dc8fe3f30d3c5a90b20a7728f1fd6d14dcf9273121d1bc13

SHA512
ade783f43b5c4c01f13b02863098adc864c0d0782b1d3cea9f11e8be4fa008540a52df3c12fc353ebbf8891fc6bf2af9cd533aef47be48bc6514763faa915161

Download Submit
memory/2956-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2956-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download