bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
Size

127KB
MD5

3837d49e71ab0234325ce429fa22be8f
SHA1

59c67c47ba36bbf047fad856e69ac5fb5d4565ae
SHA256

bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b
SHA512

81ce955f4096b7e9e74d1ba2c739b7e8209a366751f75d07ffd5cd867e13324df9b23d1560e02eb58f1454a7f4717d857830b4b2adee78a75051a66d544bc337
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCi:+nymCAIuZAIuYSMjoqtMHfhf5SskG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3435) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c000000012671-2.dat	UPX
behavioral1/files/0x000200000001048b-6.dat	UPX
behavioral1/memory/3000-618-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000012671-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/3000-618-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64_3.103.1.v20140903-1947.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_mmx_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.lnk.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libwave_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmad_plugin.dll.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-attach.xml.tmp	bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe

C:\Users\Admin\AppData\Local\Temp\bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe
"C:\Users\Admin\AppData\Local\Temp\bc79958373d59c8d46ce20429c86ce9e19862ce788c701008e11c2c90530497b.exe"
1⤵
- Drops file in Program Files directory
PID:3000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
128KB

MD5
09c00f113fdcfbdeff1ec68f6cf30656

SHA1
ac6d6965b81c3463b4c8f8d251e114949883f9b0

SHA256
f333164c93b1ea759626fad2b56c1e227a6c6b313784fc1c680f9523457daadd

SHA512
fd0a6c3e8dde3ff00af939b1739126429137aea0752e46078c8112a097ba7faa2f7965adedafc8858f8574a2dd870897f0377626b4bccdb7047200b8440d0d34

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
137KB

MD5
476aa4266f4cccc285081f13b24894b4

SHA1
e72976ea40a18d08bfc02fd8bf6f03184ec08f85

SHA256
0299339e2ab3e2e96b0046f14d3210987406d5361888c984a7a16e9fdd8344af

SHA512
6f4d8f581f5ebed88e191a0c95e177578fcf50b892868afd070e3d3d9d5fa8c80ab1bec3cfaf50d6e6a6b1da6fd7c5aef5c01b204da01bb31ae8196806a3601f

Download Submit
memory/3000-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3000-618-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download