04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695

Analysis

max time kernel
149s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 18:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
Size

101KB
MD5

9ea089f15b331168463930d8b5e1c7d2
SHA1

7b08a13cecd788e196b6902c4f77efe82e04ecde
SHA256

04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695
SHA512

84838d7ec5c3e2fc173f3c41fe63cb0d8ccf6f6477df39ce1ad24afe3f344bce9fa5ff331d6d115effc955fef56c764c1d73779f862ce24e6c3f438d15f77583
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfH:hfAIuZAIuYSMjoqtMHfhfH

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b00000001424e-2.dat	UPX
behavioral1/files/0x000200000001048b-6.dat	UPX
behavioral1/memory/2856-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b00000001424e-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/2856-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Curacao.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.properties.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\gadget.xml.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\gadget.xml.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\localizedStrings.js.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseover.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\localizedStrings.js.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-compat.xml_hidden.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-middle.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\en-US\gadget.xml.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\settings.css.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\deploy\ffjcext.zip.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Mozilla Firefox\fonts\TwemojiMozilla.ttf.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsharpen_plugin.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\settings.html.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libflaschen_plugin.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_zh_CN.jar.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_zh_CN.jar.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\16.png.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe

C:\Users\Admin\AppData\Local\Temp\04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe
"C:\Users\Admin\AppData\Local\Temp\04a67293be35128d82ba66aadd5964013b60cdd0b0bd881abe3a423e1d645695.exe"
1⤵
- Drops file in Program Files directory
PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
102KB

MD5
325e7e6076041fe9dfb4abf4f2a48fda

SHA1
9bed2a545358aa2ef9da38c37777b32e9c73c134

SHA256
961611aa1608d0648a306b5f8f537b89312af07c0c89733f5b40cb16429b93c5

SHA512
398d16b487ab56212012263956770599948957f084a3b160e0dc322bc7936766d186a4f66a6903d5aaec91d4a724e13037721c0a31ab88194001500b5cdf10af

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
111KB

MD5
84777fe405783c0ccf3c88a7790a1c13

SHA1
22afce33cc645b92914128f7d8734fb9883378fd

SHA256
8ce4431903f30aeb96f01d9c3e9bf28d87c0929732297d5d23e352c19ee2de4f

SHA512
b416e48899522f3cdb48a809821e8c4500cee504a4e8bc0202b949c512690df20dc5bc2a415cb676cda17aaebc92b1f696e7c325e5d9dbae5be5b254499717b7

Download Submit
memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2856-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download