fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 04:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
Size

184KB
MD5

0f069ffb49415d4501a82384473703e6
SHA1

7c4a1e6984ec6cd87ae53e0c44bb1ae182213e8d
SHA256

fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef
SHA512

25cf09c1a67c00f262e9c56d3d09687f3b34d808de289afc8e25756e158ddca9e1c7cc1c33ba518510e1263c8f40ada75a5fd31c41fe88fad81f50eb894f41b8
SSDEEP

3072:+nyiQSo1EZGtKgZGtK/PgtU1wAIuZAIui:JiQSo1EZGtKgZGtK/CAIuZAIui

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3224) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2000-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c00000001340b-2.dat	UPX
behavioral1/files/0x000200000001048b-6.dat	UPX
behavioral1/memory/2000-512-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2000-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001340b-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2000-512-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Efate.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\logging.properties.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\vlc.mo.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Design.Resources.dll.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Resources.dll.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\jquery.jstree.js.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host_zh_CN.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\UnblockImport.wma.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\EET.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Stockholm.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup-impl.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application-views.xml.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guam.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe

C:\Users\Admin\AppData\Local\Temp\fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe
"C:\Users\Admin\AppData\Local\Temp\fce90bfdce44e491bb0113df14dc9caa3f6aefe92e3d4c4d917109e1096f76ef.exe"
1⤵
- Drops file in Program Files directory
PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
184KB

MD5
86890e30a40b67beb9ada0c98b357725

SHA1
4a2fe9ffc1e8bd84f06801fc0b5ff18001eec145

SHA256
2eae215a0da8e9a7ed072d7384c831bb9f19d8b06836951537c16827058c1efb

SHA512
e62566c86dcf786bd7906fb80fa799328bd7b36fb4803e6744c99ca465e10401952c8224ef7c0dabf2eaa1c4fff581ffbd91898a16584a0b64d7c204de5846f8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
193KB

MD5
9cc4ec207530c042d9c35f6523b8fc8f

SHA1
cb075a366089ed657c657f6d52dada6600d857c6

SHA256
c69e2b1a9043af295dac04924961fdcaec618c355776fceb1e979a38c26bd6b9

SHA512
18bb9a6619a23d26d4d9b83033715fbb04f8e1a3d8879dd6b8d70edc3151c3095ff8c1e12ecc47dfb64e3eec0de78427ec309ca8ef26349b11ef096d7abb3691

Download Submit
memory/2000-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2000-512-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download