08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82

Analysis

max time kernel
119s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20-01-2025 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
Size

208KB
MD5

51344a96e7badaa6d5380f6656298cb0
SHA1

26c413199d55cbc3f730918c9786543deed6cf4d
SHA256

08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82
SHA512

2dc8a130adf3931d7e0b54e8833255a73c305654147dd2bcc597be0f02bf44ced2caa926584153c6d12fa0b3125c454495444159369a9cf0320b3f8348424969
SSDEEP

3072:fny1Mwsny1MwnWHIjN3tj6qnv0b2UrXkbvLh:KRiIjNDv0bNXkbvLh

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (2664) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012101-2.dat	upx
behavioral1/files/0x0002000000010621-6.dat	upx
behavioral1/memory/2552-70-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME.txt.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lord_Howe.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_ja_4.4.0.v20140623020002.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Lagos.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-selector-api.xml.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_it.properties.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Microsoft Games\Hearts\fr-FR\Hearts.exe.mui.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port-au-Prince.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.ja_5.5.0.165303.jar.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe

C:\Users\Admin\AppData\Local\Temp\08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe
"C:\Users\Admin\AppData\Local\Temp\08574841cfeb8306a1b2ff5b275d326efb26f502cc47a7d95c18027b2904ee82.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

Filesize
209KB

MD5
6756f423b9da55f854be267eed461adb

SHA1
4450f508ffb413c3df7b94b58dd2c5169f6bea2d

SHA256
e9999b17910d1d53b0a3747f25617530eb6f5c5d5cd33f310a44df7635b57cca

SHA512
39d11ba04291f7baf610beb1006bb66ad8eb1fc5ffd33522529baecd2911ffc0cb3b0fee11d403f1c1af0c35bcc36995f411036fe1326c4d2b72aecad7beec26

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
218KB

MD5
3c5a4e5b3c7c4dd1d9070f8bd89fa819

SHA1
382f60930538cd5303057ad6b42a31f42eadc1e8

SHA256
66c1d1abfef2b6eec0fecead0ecca51312a2c80ceb47e8ed67282daa8e59eedc

SHA512
8df5f0591417222f0509ccebc6df1cdadda5cbaec4ec531d6b6cb80c1a37c5eea6df5eb41e780daa014cd9e461670e9ee68ba28faca6dd7582e56271682b8f59

Download Submit
memory/2552-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2552-70-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download