0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 18:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
Size

159KB
MD5

1dc70213b8a0530bc3370bd2902c2e1f
SHA1

d3aa47e6d89772edf88071073e9871be691dc42a
SHA256

0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632
SHA512

1803e55db092a78bc25384e24db774c8e590940773351859aff86fd5428f1fc36468a751df9e018291c4b17ab27b9460e001fbcc748474b4df2bab37dbc6d8f1
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhflixiE5gbez:JmCAIuZAIuDMVtM/jS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c000000014890-2.dat	UPX
behavioral1/files/0x0002000000010679-6.dat	UPX
behavioral1/memory/2040-642-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000014890-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2040-642-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\HST10.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Windows Defender\es-ES\MpAsDesc.dll.mui.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_sse2_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Stockholm.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgrain_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_a52_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_standard_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\bin\server\classes.jsa.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\msvcr100.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3.nl_zh_4.4.0.v20140623020002.jar.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
File created	C:\Program Files\Windows Defender\es-ES\MsMpRes.dll.mui.tmp	0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe

C:\Users\Admin\AppData\Local\Temp\0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe
"C:\Users\Admin\AppData\Local\Temp\0ea3e6322e9e804934b1036d5ccdcc2507af8bd46a976c915be0f910141db632.exe"
1⤵
- Drops file in Program Files directory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
159KB

MD5
1c735165b74b60cf03e11ad2903451c7

SHA1
6a920552e262b4304b0ce5cf00b7dccb744c8a0e

SHA256
b29eced6bd3ebafd0e59e118b8a1734a798f3ca5812c353378f33cd4d1ce026d

SHA512
429e372a28456f72e6bc2aae461afc1a6b17656cbe7155311181067767afba3d0f05a95193b11a82bc9a827d6c436f7501161efddfc61d36492550bc8c9ef0ab

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
168KB

MD5
201e1b1cfcf809615f3b6febb9391589

SHA1
03f479a8d539f6a560312d32fba03d98c1eb98b9

SHA256
579187d59e480d890a36781f7b14df245d6d51073ca7288bcaa00fc86ca3ddbc

SHA512
41d445b041421fdded491f7edc58522582ae62785e31f7638585df396798a3a6199645e3d9132a2938c1c73df4ba2fa876f6baf028906ba7ad686eea77a029a2

Download Submit
memory/2040-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2040-642-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download