419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 21:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
Size

125KB
MD5

24a63745bca866462922fcca0d52c194
SHA1

8a00d3582eaa040396082c4a2bf8b9aefeed73cf
SHA256

419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e
SHA512

a5b463d17edc7b73dc42fe3cb973fbe8b05c2d455756e0be8b830d656103d8892c1ee0f5dbf79aa3091ad78be133159cd695df0b74732dc03e8059adad8791b2
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC0:+nymCAIuZAIuYSMjoqtMHfhfJ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3254) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000e000000013420-2.dat	UPX
behavioral1/files/0x0002000000010674-6.dat	UPX
behavioral1/memory/2528-394-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000e000000013420-2.dat	upx
behavioral1/files/0x0002000000010674-6.dat	upx
behavioral1/memory/2528-394-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmpg123_plugin.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\bin\jp2native.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Niue.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\batch_window.html.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-execution.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pohnpei.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sitka.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_ja.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Eirunepe.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\autoconfig.js.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Windhoek.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_ja.jar.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Taipei.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-templates.xml_hidden.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe

C:\Users\Admin\AppData\Local\Temp\419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe
"C:\Users\Admin\AppData\Local\Temp\419739868bbf8b4c3314497daeb0c9ba8167c06497f2181fbed16c76e0b5011e.exe"
1⤵
- Drops file in Program Files directory
PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp

Filesize
125KB

MD5
2fa72e12dbc9bb38751f91a4bd1eb054

SHA1
953fe7a2ea7f28df4dea514a0b039d51058ce016

SHA256
ab67b305a191589f5e5837898d8be7b160ab26253148081c4cf58f3c4552a310

SHA512
1ed978ee9a0988218ea398be92e570f0559b1ec35cc9f24aaec00849a169609a90fe38f394f1ec66183165981d7d048ca181cfd5f31dc7af184623b6879faf4c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
134KB

MD5
3b951b87a69fbf6ba7ea272baa0b3b85

SHA1
3521dd3a1791331ead9ee09c868eadccb76b13d1

SHA256
95626261fcbac02b268d56a9a495d5f17b047df5778bddf511b9d2e27308dcd1

SHA512
3b039d1d4d6ab93187123eae18312bb4e3eaae85032e9c5ab64713a969d3dab80ec27c2a2ae6f51ddf24d8f8fa1b7c813eb0c4ddaf3bc2c2a2d26dcc8b477b9a

Download Submit
memory/2528-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2528-394-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download