38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
Size

109KB
MD5

48134c43652e540ff3fdd904ca96aaa6
SHA1

021cab1a9935bd14cc6ee82a5fe63fcee19f5373
SHA256

38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3
SHA512

59730ada485cfa3d0a08140518e9fc4add6101ef509c4d9ce68f432c403f10d20e4a2314e3efd298b15e8043ee9c9aa748fbe486bd7dc7e56c91e90b4a446ea5
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfS/j:hfAIuZAIuYSMjoqtMHfhfqnj

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2732-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b000000014284-2.dat	UPX
behavioral1/files/0x00020000000106dd-6.dat	UPX
behavioral1/memory/2732-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2732-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014284-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2732-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Printing.resources.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssui.dll.mui.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_right_mouseout.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_right.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe.sig.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\drag.png.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libgestures_plugin.dll.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\META-INF\MANIFEST.MF.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe

C:\Users\Admin\AppData\Local\Temp\38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe
"C:\Users\Admin\AppData\Local\Temp\38a837c629181a67436c7f40535860255bca3e2dbd1f95fdc60de746d392a0b3.exe"
1⤵
- Drops file in Program Files directory
PID:2732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
110KB

MD5
66deb6e4308803c6069495ec242ef815

SHA1
e9ef3d4a8c356a6e494be09f2aea84c75504ff23

SHA256
3420024c6dedc56e3b6eecc72d43b1bab4c8f5581965bf4d1ec036aeb5eebf24

SHA512
52bf7d8e059b6a32ad2fc5d5cf09c17b230af38e81b38120c7968b03c1b264fb0996d02f6c0a41bcad11d1d2e852ab8a327002391aa4b10665df5436eaa3438f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
119KB

MD5
bd4b4f800124548389ad01387b103c6c

SHA1
edc5185e6f12e6fa93bccf8fd0d133053aebf66f

SHA256
9e46108ef99c9ba381606b4be00f71a87cbc4340acb73c9047f423d22190f790

SHA512
d1e66e979373a4af7ecba16f4919fbed0b4bd12879c2e37b4630637f152fab891d59fce6e46b5fc005921ea5aaafac55b263d9800417a3922f8da131c5269b0d

Download Submit
memory/2732-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2732-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download