1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11/01/2025, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
Size

341KB
MD5

bfba00ceab183b26b42fe6fead6b305e
SHA1

64cea5ff1d9ca00d3f26ef7653223b8b8dd999ed
SHA256

1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb
SHA512

179462e5e1f42c2f3541f2ff2284b99c8acc705edf9fc163134fc3304238de7ac5e54582b6ddb5b55ea248e91cb9f643b54c8a556ba48ff9ccdd00ba25c76ce3
SSDEEP

3072:fny1tESQv+T3K7mvRIWXiqKkKGbTDVPuqny1tESQv+T3K7mvRIWXiqKkKGbTDVPu:KbESQvE6g9tTDVYbESQvE6g9tTDVW

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2077) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2316-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0008000000012117-2.dat	upx
behavioral1/files/0x0002000000010617-6.dat	upx
behavioral1/memory/2316-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-explorer.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-applemenu.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Monrovia.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-impl.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe

C:\Users\Admin\AppData\Local\Temp\1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe
"C:\Users\Admin\AppData\Local\Temp\1d9d8d60d99d1140b173ec85db21119f315e5e8f41d734a62a607c0f5fb4dffb.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

Filesize
341KB

MD5
dfbe3512f1482bc86f95973923aedf94

SHA1
04c5f5f04a56639f7ab53c25407092f94de4c3ca

SHA256
5b7809b0a5f3cc350bceba0141aca11cc14fadbb1090434d6815089868dc37df

SHA512
4e1d3b872d58f9091187329600eb0914b1ed7b9cc1f3028ef858cc5f419f0c3561078fe9d811613c74b0bf925ccdc5e0d3b6c2b34366ad048cdfb527f335ec31

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
350KB

MD5
15517859558cda41875a5c1a4e7876be

SHA1
022fa36d7134dc312ddf103bb6837d6aca75d17e

SHA256
b522bb4c7c6313a0c91d43bcf6fd01da528136799445b6de3bda39448900f0a1

SHA512
f563e85ae9820ab5074c894483d4aa02a2e6582ee49631d73ce231369b436bb58185ec227a90905219ee2636a4088bc17022cb5d796844229de5800e8e079ead

Download Submit
memory/2316-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2316-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download