0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
04/05/2024, 19:19 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
Size

38KB
MD5

cb6eb6b97c1a7840f34633e0a9f5ffb7
SHA1

2f405c2943e375550a0fe872b113c1cd706a8a85
SHA256

0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f
SHA512

5ceffe62e52f199875bd6e701b28ec09e259fe0a9ba0dd24cdd8dca6006798242597cfddd3697c4dac5575ca0989aa554f1681419ca4574196e7145c15e20a97
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uA2:CTWn1++PJHJXA/OsIZfzc3/QP

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3783) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000c0000000155f6-2.dat	UPX
behavioral1/files/0x00030000000104b4-6.dat	UPX
behavioral1/memory/2952-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c0000000155f6-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2952-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-last-quarter_partly-cloudy.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_zh_4.4.0.v20140623020002.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\Vdk10.lng.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\css\currency.css.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssci.dll.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_settings.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2native.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\IDTemplates\ENU\DefaultID.pdf.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\setup.ini.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DBGHELP.DLL.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Windows Sidebar\de-DE\Sidebar.exe.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Microsoft Games\Solitaire\ja-JP\Solitaire.exe.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dubai.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sao_Paulo.tmp	0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe

C:\Users\Admin\AppData\Local\Temp\0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe
"C:\Users\Admin\AppData\Local\Temp\0a8d58dbc4c768a41231603ca4058c5c0b95a41b1335ae4e7c0c5ccf6584f78f.exe"
1⤵
- Drops file in Program Files directory
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
39KB

MD5
da62cdcd9fbad799bb236456f7141f0f

SHA1
8eb54a361443287d2d3e7f8ab0f1895eb071d00c

SHA256
d565d9e43ff23d515e513e46e2328748a8929675632e13e36c50424ffab32353

SHA512
1f50a3b1a2bf6566187027d3852a182b53dff2b588fa3f2eaff7f9f560ed6db6ddd5e7aa25208cda79a7cb85aab4d300c4af84f9c522c7cfe6052ecf65cdb4af

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
7e5d20b6bba6b88d1ec8c0c38eb32638

SHA1
2663c8d2f044a1fbb5ef138572537d800074f7bd

SHA256
cd79065e022faebfe72adeb5b5dd944794c04369a70854507e32e66d3a805643

SHA512
2b2a49d81cc562a7dacabcad5bde98f9fd7067f8e1976e6e511b02bd1835808ce2e9f663e6587ccd4f824b0d3417b6d3a19bb2a2fbd7e3b6863c8fb9052d91b3

Download Submit
memory/2952-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2952-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download