2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 19:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
Size

107KB
MD5

95471ab4674083fc00dc5a8a8a9a378f
SHA1

1aff225fec372a7fbf0caf582b2e9eaee81632a0
SHA256

2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336
SHA512

921b53431e582ff3174c0425603c1abb12407986372f7a1aa071d1ee67ee1343c94cb5c5ea0822445e154cf52c65f4375d47f4ce9ab2d66583dff4b3372cd5e6
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOP:hfAIuZAIuYSMjoqtMHfhfE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3439) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000c00000001342e-2.dat	UPX
behavioral1/files/0x0002000000010679-6.dat	UPX
behavioral1/memory/2292-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2292-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001342e-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2292-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Mozilla Firefox\omni.ja.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayenne.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\css\settings.css.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\library.js.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libqsv_plugin.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liboldmovie_plugin.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_zh_4.4.0.v20140623020002.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Reunion.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_corner_top_left.png.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll.tmp	2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe

C:\Users\Admin\AppData\Local\Temp\2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe
"C:\Users\Admin\AppData\Local\Temp\2d53a70315e5288ec482884173b4055589472f7f643ba642bdcda162ab863336.exe"
1⤵
- Drops file in Program Files directory
PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
107KB

MD5
a63f71359936c03e0747a81ff3644570

SHA1
91564a7709a5c423a2e30790b1ef4c50450f8827

SHA256
05c1849585ccc00b4f1a7176c7a9b2b40edea381d1dcda4507d0b74e39eb8dc8

SHA512
284682d651c73700fec79bd434b6b071a33975604fc9fbbb519c2fae404e247a1942ece72117c612f1b7af523364f42632f2c3314f963d997a99e17014da15c6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
6a677534c22780615b50b8385900cb32

SHA1
f014aafca46def691b3e718176bf2b05f99f7391

SHA256
026f758fe1b2635cbcd20fd69426a68acf58cde1ca19d2601d62489fc31c8e3a

SHA512
a82884792d3044ea2b1182837ed46eabd2cf5236aba0e773967e752f3c1224cd264323916954ecdc45fb4bc4335fc74716e9ebed0b346ac1617d8b339c103417

Download Submit
memory/2292-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2292-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download