8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/05/2024, 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
Size

121KB
MD5

08526595716d52bf9f6ef50fca514fa1
SHA1

1cc99a9a07d1e785d08bfb81d84e1ae7827063ba
SHA256

8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146
SHA512

208889936298d0cb5bfa94f3f27dea0e1b1f0644c90b3d625cff6ecf73a75163acd019443705db731054c6726ab02297cdebfe599e47145812689e74a165d332
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCp:+nymCAIuZAIuYSMjoqtMHfhfI

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3432) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000f000000012334-2.dat	UPX
behavioral1/files/0x0002000000010674-6.dat	UPX
behavioral1/memory/2220-644-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000f000000012334-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2220-644-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_partstyle.css.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240389.profile.gz.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Mozilla Firefox\osclientcerts.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jsse.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.zh_CN_5.5.0.165303.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_zh_CN.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Windows Defender\fr-FR\MsMpRes.dll.mui.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ContentDirectory.xml.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
File created	C:\Program Files\Windows Journal\Templates\To_Do_List.jtp.tmp	8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe

C:\Users\Admin\AppData\Local\Temp\8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe
"C:\Users\Admin\AppData\Local\Temp\8e4f94f87946f63851273d193f52cf887689ea49d9300e0f76567204bfd81146.exe"
1⤵
- Drops file in Program Files directory
PID:2220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
121KB

MD5
2d5bf5cd0355012a146389f69d0c7423

SHA1
38191e6aa29981080fe6840efaadbcb015786e54

SHA256
e8ec913d97dc47ca045b8cf63063d6c8253fba860069a18e507ca2d0b0321b03

SHA512
a1342497be81a2edc9f3cea7b9160296f02a80902013572f7cc118925c80becf0048e654307c6986350bad612fe536b63717f56b3c3cd1e212ea932cfa477661

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
130KB

MD5
6fd14bec012aa83ca0d8d04efc67844d

SHA1
407a74babc085942e7c0a633f2d76e8289ab0cf9

SHA256
d6cef434bc564e098a023f192e348955cf7f622eb8298e700e74386d8da11c9e

SHA512
0952af08c471d4e6edc6fa22939108fc30ca47d76f5b980f4778a81fee18e04fa88dd4138e7d86c3f879ef86bede2f0640497a24c14cd60b12607d4296f55be0

Download Submit
memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2220-644-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download