c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
11-01-2025 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
Size

282KB
MD5

24e967e8948317a18132b9698fb1b9f0
SHA1

d037a9cffcba363b758ddc571ef8d8ea94d88d27
SHA256

c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7
SHA512

c0b3f0f4197bb2d69b979d1a886a17d26215e5d995c41f46a361956d4450c8d4453e365d50465c33bbe610fe89294796db9c7ec8d135fd29633dc150322debd2
SSDEEP

6144:KbEyyj2yAIJAEyyj2yAIJDyIjNDv0bNXkbvLl:WyAU8yAUDyIZGNXkbvLl

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2151) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/848-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012117-2.dat	upx
behavioral1/files/0x000f000000010617-6.dat	upx
behavioral1/memory/848-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-modules-appui.xml.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_zh_4.4.0.v20140623020002.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Syowa.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\tools.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunjce_provider.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_ja_4.4.0.v20140623020002.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe

C:\Users\Admin\AppData\Local\Temp\c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe
"C:\Users\Admin\AppData\Local\Temp\c98e55830bface0e13ef7b1ba5f2e655d61c714f49a65441ffd0ff15b655e2b7N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp

Filesize
283KB

MD5
0ba279beed8f42f0f1acbf2b3a0e3901

SHA1
a5217ab8f276f9f9a15f6d41711be610b54baf79

SHA256
0b842436e37b66476730f7d36e42270736bb90146ddad1a413b445b1f2c2b6af

SHA512
b87d384aa3c8c6eaa5cf3778945ecb5ff4a3dcb511293b134aeab2bc20d283d744c8c7f0d10372f822e3d17911e3bfb406c74646fcaa88776e8f61f8f2b7747b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
291KB

MD5
ae650d77d9604a89bcd2115e8e2a1c27

SHA1
ac139c7e728d17feb7512cffb9a1b3237ec3a6ab

SHA256
cc57488c902019752f0fc8e811df9832589c7d393db434fb0ef3f2a16ce021be

SHA512
23761723f28ffc31e06d697097ab9a9b0d0cb30b23dd69829cceef5a976c6e923855f8fbff06d695df820fc7cd97d3bdd17a80da823a2df0c154b2da60e9f0fb

Download Submit
memory/848-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/848-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download