443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
01/05/2024, 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
Size

262KB
MD5

6231ea1da991cb65948d7a9ae2c3656e
SHA1

9da27515f6cac74782c06c901c22fe33dc24422c
SHA256

443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762
SHA512

edad0e519d5a046f1f7ccdf5faebda56fa60eadc3da2007d1187ebb4b94b6251a18aa376df617fcd82aa9a43a35ab4d9067e40b1b1dcb9a512bc85936d1ca83b
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhfew9mHpKZNGCLOwstyhZFChcssc56FUrgxvbSD4Ub:JmCAIuZAIuDMVtM/D9UpK7ShcHUaZs

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2987) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c000000015c4c-2.dat	UPX
behavioral1/files/0x00030000000104b4-6.dat	UPX
behavioral1/memory/2904-526-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000015c4c-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2904-526-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-api.xml.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationClient.resources.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\DenyDismount.vstx.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Taipei.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_zh_CN.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-autoupdate-services.xml.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_ja.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh88.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\DisableBlock.xps.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\VideoLAN\VLC\locale\km\LC_MESSAGES\vlc.mo.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgzm.exe.mui.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe

C:\Users\Admin\AppData\Local\Temp\443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe
"C:\Users\Admin\AppData\Local\Temp\443398db06a4017010e37aa7b3d2c9ec99150647c60a80ed867aca53666b1762.exe"
1⤵
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
263KB

MD5
c236650621b1eec5794cf9a4fc631f3a

SHA1
10c26fd5e84aed64c7a5dfc18fa31abce851797f

SHA256
08488e0cda864cf3cb2a1adae8e8faa649a761593a230c5c3fac1c9f9abc37d3

SHA512
3cebebe413543a11b07afebf9e7506c6ad4ef76c92e12c9d81be6d27b50335b692153a6140b8ce7a4e4b787e02bde6f346d415ce0fd38393f30048054d46d6c4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
271KB

MD5
8965885021b467166c5471b0acffd93f

SHA1
35db2bf4f6745270a241b09f583afacff394370a

SHA256
b383a90e56d64e6d6ec014b10353f435b6e8d95f8db34c09f28fe1471639b0f8

SHA512
0f3108ca8290ad34890dee08c7e3ec3c0ecbbd80c9bfb1c90d4373c6df07add9b219ed4a93f7ecf519ebb5ff7ada90c3a97cb59be40f112664f237a386006fda

Download Submit
memory/2904-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2904-526-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download