8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 00:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
Size

120KB
MD5

3caadbd0d11792cb66fd0b61358aeb10
SHA1

752819596d63c1d7a23cdeb7629d335abb8bc4fe
SHA256

8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a
SHA512

2c47637d7968944a0d4b291bba176c30f961009d791b98f0b509c7c65f0283620dc1fa48d6603b771a060f560e9e6bc3a7ee08d9e6edf3bf8d7d59ccaa0a49ee
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hflix:hfAIuZAIuYSMjoqtMHfhflixik

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000d000000012336-2.dat	UPX
behavioral1/files/0x0002000000010679-6.dat	UPX
behavioral1/memory/2728-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d000000012336-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2728-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\gadget.xml.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\OmdProject.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_150.png.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zaporozhye.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kolkata.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui.zh_CN_5.5.0.165303.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern.png.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Windows Journal\es-ES\jnwmon.dll.mui.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cancun.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe

C:\Users\Admin\AppData\Local\Temp\8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe
"C:\Users\Admin\AppData\Local\Temp\8b125018508f12c0a55a2e5c9cf6357a31efcfcdb7dfb34cfe7ce62695e6439a.exe"
1⤵
- Drops file in Program Files directory
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
120KB

MD5
0f7574c98d340e7428802f19189f9d1d

SHA1
67d3404b0165716474d29d303e2a6de7d2cabef7

SHA256
cf03f3117e4b40a26c5545e0dc3fe542d57268f71e5f972f9affb576a6b31d30

SHA512
c5bf587895c03fc457c44f7486ff9432e5fd931abacdf6c0142aba390eb5a000f43cb99846da5deaf4c1cfff34ba91313bbd97ed032ccf93e53a6becea58cff5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
129KB

MD5
dd24ce2100bc8dcc47e8de4ad54738ba

SHA1
d2bbd3121f7d7d0c0fd176bdd50205a6d59df76c

SHA256
054c1496fae52d776bd78109f62fd82400d7a750597dc81f79910425df16d11b

SHA512
ea85074ba49af290b5d35268785ab46cc09ba1d9214f9a87c0defcfb57a953ae307b55e16f3f6ffd027df1d3884133e111843764e8272de5aaf6bb4a9651515a

Download Submit
memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2728-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download