35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
13/05/2024, 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
Size

103KB
MD5

a193e27edfcc99411bad658bc62165ad
SHA1

96bfa145aa801aefd075399c7293129a542b94dd
SHA256

35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a
SHA512

c0f13d71ec646b8125b87bf8a425afdc8611347927cbc66d1bec51b8f01109c853a6f9c006e457742368fe2b5a23d8e12565607e7a5feb45ab78c590a04c7415
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xa:hfAIuZAIuYSMjoqtMHfhfX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3334) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1616-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000c00000001226d-2.dat	UPX
behavioral1/files/0x00020000000104db-6.dat	UPX
behavioral1/memory/1616-74-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1616-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001226d-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/1616-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_cycle_plugin.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\dt.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+1.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Dublin.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rarrow.gif.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core.nl_ja_4.4.0.v20140623020002.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application-views.xml.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\bin\jfxmedia.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe

C:\Users\Admin\AppData\Local\Temp\35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe
"C:\Users\Admin\AppData\Local\Temp\35dca7406b5873d0ac1a7627205497166900d06c685114383f673361120afc6a.exe"
1⤵
- Drops file in Program Files directory
PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
103KB

MD5
50e0233ae5721a34e40ebafa6e4565ed

SHA1
c29efa9e6b8d141ffdfe01a9693a7a9bb24ad81f

SHA256
ba6b3d2791fec95dce0f651e2291e0f0c74eab27d53973b211f97d1c6cf19b3c

SHA512
410366e3fbbe5611590849439e6b014ef647d4163b830c0ff57d4da46067c023a9a6343886ba24c14b7a6c17b3a283351073a4fb4965c97a36e406c434ad0f37

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
112KB

MD5
52e871364976487ca1cd4574d465572e

SHA1
0cbb990a45937f9ee8f01679480139a3fe59611e

SHA256
b5ee8c79d02f5360846b21ba5ab732c25897299558015a6b9ef7a15f0e6e7749

SHA512
1a88c37e39dacaf3fdef4b0d9a56e86d6d2bd3a6e6f8b5779f9397fe975d2835c5344a81a774e478b0088299e07e95b86ec9938fd4db07ed46936ba44b326641

Download Submit
memory/1616-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1616-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download