8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
10/05/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
Size

41KB
MD5

23df42d12e1041764b9ecdbd2d14e3ef
SHA1

5c4db08119b62d9b361c2952d8bd6880c81e5450
SHA256

8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b
SHA512

926171942ee13792d9f7977ac539f57f9f15bb776076e5a8f62bdf129e29312770f92559210e7a6b9b527b4f1e8038114b2f4c7c82b75deaf210ed47c8e67715
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAvL5:CTWn1++PJHJXA/OsIZfzc3/QuL5

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3516) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000a00000001211e-2.dat	UPX
behavioral1/files/0x000200000001048e-6.dat	UPX
behavioral1/memory/1700-76-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a00000001211e-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/1700-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_zh_CN.jar.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\en-US\Sidebar.exe.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\library.js.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_left.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.contexts_1.3.100.v20140407-1019.jar.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_few-showers.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+11.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ne\LC_MESSAGES\vlc.mo.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Journal\ja-JP\PDIALOG.exe.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\vlc.mo.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-applemenu_zh_CN.jar.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-attach.jar.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Bishkek.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_top_right.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_hail.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-io.xml.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\RSSFeeds.html.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ct.sym.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ChkrRes.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\desktop.ini.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe

C:\Users\Admin\AppData\Local\Temp\8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
"C:\Users\Admin\AppData\Local\Temp\8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe"
1⤵
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
41KB

MD5
bee827d918370ae9ec0cbbb7447dcd82

SHA1
c1250a624b0247e6c45f9c92e29bd6cf4ae59ade

SHA256
0c94b523be2e099b2b58b9367a0e4be28cf5fe2bff0d44a984f7fe66fc179019

SHA512
268e3165d8938563e8777edc928007c96f4aa22344db6c1dd0a67a8ced193ee292b4ff5c93852468950cdb8d8c9663208cf9d79b6d4c93bf380b13a6980b02b5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
50KB

MD5
33cd856d6f2f732d15add05b616dbbf2

SHA1
d2400b3815516333ade4b24ddf4ee74be54c355d

SHA256
75571583541692f3c051b4c8ed2631c6cc2474ef2636fb8c5fb13a808ee3189c

SHA512
f59c8f8a1ab09f8a705f772f5164b95c47b8b67ea1d0460eb07ba7c66da133c4ef33593bee131e32db390d736890f26f8e40498bfdb1f6004052760980962ef0

Download Submit
memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1700-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download