73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
Size

96KB
MD5

7d4db4bf4b920361a32f2b58acfef9eb
SHA1

70dd77dbf214eaf7a2f0a5403ef191b7ea00a709
SHA256

73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf
SHA512

5ce5330375ad264451900bb7cde19425b3fb13c888d2649b8e848960aaf5009c262f6107eb1675d5fc062112ea31b2e95e42cc35febcf15a8d42ba5bc64c783a
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfB+:hfAIuZAIuYSMjoqtMHfhfB+

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3479) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/3048-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b000000014abe-2.dat	UPX
behavioral1/files/0x001c000000010439-6.dat	UPX
behavioral1/memory/3048-82-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3048-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014abe-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/3048-82-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Cordoba.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Noumea.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\javaws.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\locale\br\LC_MESSAGES\vlc.mo.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\js\settings.js.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Microsoft Office\Office14\NAMEEXT.DLL.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\equalizer_window.html.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Lisbon.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe

C:\Users\Admin\AppData\Local\Temp\73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe
"C:\Users\Admin\AppData\Local\Temp\73a0b9f18ef44b99c83e708093319634823e5e5349007e36354fe08edc608dbf.exe"
1⤵
- Drops file in Program Files directory
PID:3048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
96KB

MD5
5d9d665896674321e16e7f7b67adab3a

SHA1
a5d7430cc077940b6732bb06335dce5d32d0b72c

SHA256
0b94528dda8e86a6b2c568680039c5c6800b81cec1525b4c4ff1c1263d6cdef9

SHA512
4242ca33f3d6e4bbb26ad463bc34ee176149ee2fece004ecec8ce536cf74daa59c2d3593e01aab70b242a0cfc3ab3e647ef834c8a1c9027dcfde63f54d22888a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
105KB

MD5
5cff89c53caaa16246a0c4202ac138f5

SHA1
5bf9e3b2597a4b5d151bb6c299011492e8813d1b

SHA256
528da0666e372ac9078a996bf5ed8ce2537c695d22806d75c97300e216d07e1d

SHA512
5f1a9272692b92eead94c70b19ded7924fcce000f91a3875e0613d3ca8f33940aabb23265fb0e076812872447b87e345f245c921bf8082a045a995a49053d4bc

Download Submit
memory/3048-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3048-82-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download