b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18

Analysis

max time kernel
107s
max time network
16s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
11/01/2025, 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
Size

189KB
MD5

9974dc1446fa5741ae9cfabac86fc0d0
SHA1

e09ec2a456a958c010d156afa0fe56899cc7c118
SHA256

b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18
SHA512

27927d6727491b5414dd13293b3097ddfe524be51a34bc7d9a3155f19bd4712b03195f2bb62fdb5774cf6cafff4017cccdcdfe0e450db29c0ad2fe02ee53c9fd
SSDEEP

3072:htEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiP+:fEyyj2yAIJbIjNDv0bNXkbvLiP+

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2173) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/752-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d000000012257-2.dat	upx
behavioral1/files/0x0005000000010479-6.dat	upx
behavioral1/memory/752-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multiview.xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-windows.xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-host-views.xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\BackupWrite.ps1xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\MANIFEST.MF.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe

C:\Users\Admin\AppData\Local\Temp\b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe
"C:\Users\Admin\AppData\Local\Temp\b2d6dd95e0a2bc30892b8c4df883716aefbb793d28b7f130a6671c7b5b260f18N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

Filesize
189KB

MD5
a7ef9dc4dd03ac55ec42727bb8a67ab2

SHA1
be522bfdf1130531a2ca1e05db2d151a1d0322f7

SHA256
f3052d6d4f0696732e2112ff057814749c94d7148749448691494bd2e4057d75

SHA512
cc66c163d03a29796e60c7041df0f98bf0cf87d682d0e07cebe8b61097f05fa4240675f63e1f7df9040203c1507bdca4877c059dd8b8266e4dc34a333cbfbb0a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
198KB

MD5
ceb1ad966a0c22d4091a0f4b88c7e7c1

SHA1
6514daff2b22867c3a0ac24a9b12acf7797e5bdf

SHA256
285f105339f870bd579eb196f6abd0f908698a44cf4b9e114ad56a6c79b8126c

SHA512
b3e2b03878759edff1f150e5db762d48fd749162f52e4f7fb9a9696ef4e5e8fd34f3a70ff2bb3dd92a6962e7a8c4ffd9f7d67547de01cf2d56fcbb26ad6a7e97

Download Submit
memory/752-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/752-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download