acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/05/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
Size

38KB
MD5

6a9c114b500c2118cf8e178e660a62bb
SHA1

050e44c17e96212e92f6c4a57a8c6b63df3a5f61
SHA256

acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667
SHA512

502468dd770f9c70e79af8ab86bf8c70906becddd5351830161bb545da90e765b28fb871101e2a495db1788bc09f5c83ec12ba5050b25ff8576db1f7c2fa29c3
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAB:CTWn1++PJHJXA/OsIZfzc3/Q4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4107) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b000000015d31-2.dat	UPX
behavioral1/files/0x001c000000010439-6.dat	UPX
behavioral1/memory/2040-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2040-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000015d31-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2040-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pontianak.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\config.ini.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libdeinterlace_plugin.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\gadget.xml.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.SF.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\THMBNAIL.PNG.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\currency.css.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\23.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_cloudy.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Design.Resources.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdate.cer.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Journal\Templates\Music.jtp.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.ja_5.5.0.165303.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_48.jpg.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\WISC30.DLL.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_zh_CN.jar.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\SETUP.CHM.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AFTRNOON\AFTRNOON.INF.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_view.html.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
File created	C:\Program Files\Internet Explorer\F12Resources.dll.tmp	acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe

C:\Users\Admin\AppData\Local\Temp\acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe
"C:\Users\Admin\AppData\Local\Temp\acebe5e76dc7e9fc9881cb063a146c2642ee3ab843b03d611f68f0b9f2691667.exe"
1⤵
- Drops file in Program Files directory
PID:2040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
39KB

MD5
8b3f270d709330532abaf5e38a24f98c

SHA1
f3b1c7de4e4db95ba3cb0acb65ae3d4592f9b979

SHA256
01170162a0542eeee19ca044848402edbb654ab31e6d8ab51e081f747682fd4e

SHA512
d2517c49db13164db9bc9ccb66e599a0970fe1f5a44d1c296779264d48ec4beb229122ed84a6f58e12ab03ababb050e16bf2c424a89830167643c9b092a3a4ea

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
d7eea14704cce806415300356ab3ae0f

SHA1
7e25bd1f678ffa3bfb60a1f51a29d9eca27b135d

SHA256
95d8de6e9d27a3af545d6eab1bb8e8452f8305c2095f7a4ed0ae32d762856403

SHA512
c1234da7e2e1c0d6e34f579505d88958c783525fe05d3ade94a54f6fc18722fee6bb54968d5ac0485bc914ebf04f41094f4b1ae076c4597727bbb1e67d60c3c0

Download Submit
memory/2040-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2040-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download