484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
Size

233KB
MD5

19b72d61f7415bf6d180ec07d0e0b96c
SHA1

143b2299307d509175d3dec8f2495fd860464f46
SHA256

484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e
SHA512

ce7306722de7f88a2856bdb9f3fc06ede2e1f1c6a98f02647d283e1cafb02214202fa1d87b863d3a6589ec9ac705072178f0a67de4247a6d212b71d4b29e8fcd
SSDEEP

6144:JmCAIuZAIuDMVtM/q3RFI7HAHSzdmYpEpGP:7AIuZAIuOthFLHSzdBpbP

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3057) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000b00000001224d-2.dat	UPX
behavioral1/files/0x00020000000106dd-6.dat	UPX
behavioral1/memory/2320-462-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2320-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001224d-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2320-462-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\charsets.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+7.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_ja.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-spi-quicksearch.xml.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\luac.luac.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jmx.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer_3.2.200.v20140827-1444.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_ja.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\accessibility.properties.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationBuildTasks.resources.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Uzhgorod.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe

C:\Users\Admin\AppData\Local\Temp\484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe
"C:\Users\Admin\AppData\Local\Temp\484014311526e44dab23938e4e8c809fa4c3feaf3bde27733049957a8cfaa51e.exe"
1⤵
- Drops file in Program Files directory
PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
233KB

MD5
901e0839786d887004f7d11729af1f23

SHA1
fe8ab56b737350f9569a0b408e0f8639aaf271c8

SHA256
9862810a0509943a53b9946568ddbb71851ad31ac8584c2819723086cd7fbf28

SHA512
a242fd04299b6846d667378e86b7789b5dae45e805d2039f12ea849ef6a5165ac64978e0b450ad2a67eb162771b5eea5a55624d01e76ab8e53e666dbcceb46aa

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
242KB

MD5
95e6f42e741d8c09d43d04c4e2bdbcc1

SHA1
41c7914017edb41a1dd946d72a902ba6a64960e0

SHA256
39919785ccc398391288fbca42053fc0b98c362f18eaf7bcc1bc5b846337731a

SHA512
f815f9a80e27f2be0bd4b5f1fc936a039a3d21007ac40076aec3df5006f475a4a267c68e18043145aaa82020469ffbeebbc7a7fcac60e83baa4d3b1152b9b5f2

Download Submit
memory/2320-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2320-462-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download