4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 21:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
Size

129KB
MD5

718eb09a1c4ed55452049cce8c1dcf9c
SHA1

f191473b2c6ffc85f2f8637ab580c242341f218a
SHA256

4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae
SHA512

8259c6b5913422a70c1d96e8914fea37c2b583f7f38e42be243225126036223475e472316ac3ec8fc50797f28886acdc13032f6de9de2735a7f2f3ad6a4f8910
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSA:enaym3AIuZAIuYSMjoqtMHfhfK

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3447) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1628-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c000000014454-2.dat	UPX
behavioral1/files/0x000200000001048b-6.dat	UPX
behavioral1/memory/1628-650-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1628-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000014454-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/1628-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util-lookup.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\gui\libqt_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Brunei.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationTypes.resources.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.access.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Windows Journal\en-US\jnwdui.dll.mui.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-uisupport.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_de.properties.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.ServiceModel.Resources.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Windows.Presentation.resources.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\UndoExpand.ram.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Windows Journal\fr-FR\JNTFiltr.dll.mui.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-spi-actions_zh_CN.jar.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsmb_plugin.dll.tmp	4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe

C:\Users\Admin\AppData\Local\Temp\4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe
"C:\Users\Admin\AppData\Local\Temp\4b54555da72de5e1564db850fa594632b17e7e87a11de8eb8d073ceb06837aae.exe"
1⤵
- Drops file in Program Files directory
PID:1628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
129KB

MD5
d00ded6cba9d4ca13a9a54f0b2e621c5

SHA1
edb3f094f4925f4e81d7dda92f1b2f1d84d5c2aa

SHA256
064a0a29b772cef8f32f18b07fc65fd5e3b6b60b7082c9f1caa561a18ab1d1a0

SHA512
0379637ea6a326793bfd744fa9222e1dbec5ba17b9f18c167fe3f25c159573dbb0c81132a60e7dc078299d50e6b6a7a1d4b441c1fa12431c52243a2e8fb4cf67

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
138KB

MD5
b3bbd6a7a2706113d140c6b699f9528f

SHA1
40ab6a50cb3948e448319436a272fbc9afec45f9

SHA256
2bdf38524705265da79186f6e711db2b00becf0ac374402636e0ec4a7a48b2e3

SHA512
60ad20352c48c9ce3d22740c0c9069fd0ba143bde8424891737bfcafcecc09f1608c94ac18a9d68a1a030fefd5b1a1c5c30e13283fc4f5239be100fab6cbeb75

Download Submit
memory/1628-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1628-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download