613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
Size

108KB
MD5

1cd19658c4c3d011a207c0cabbeec003
SHA1

2fc4a3991357c755b3c3b122f13a26259513ef99
SHA256

613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3
SHA512

e8450961f77d3803a411694fc326356c6eb7b4acfd91bbf1821a01880f546f01ecca5a20940a52b78e4ef1aad8230c1b285145edec8bb4d735675910fd79f663
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xA:hfAIuZAIuYSMjoqtMHfhfx

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3453) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000e00000001226f-2.dat	UPX
behavioral1/files/0x00020000000104aa-6.dat	UPX
behavioral1/memory/1700-76-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000e00000001226f-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/1700-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util.xml.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.DynamicData.Design.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_classic_win7.css.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Belgrade.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationClient.resources.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Windows Media Player\mpvis.DLL.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_ja.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dili.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.zh_CN_5.5.0.165303.jar.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe

C:\Users\Admin\AppData\Local\Temp\613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe
"C:\Users\Admin\AppData\Local\Temp\613e70743f04829e16ace699feb7466ff240fe00f155a131385a296b2b6f0dd3.exe"
1⤵
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
108KB

MD5
0cee90b9a0a68f8ce8da82aeb8aa38d3

SHA1
7971f28afc239dd7f681380e969db3a2ead6de7f

SHA256
772ece590ab60cb60fb99fc9484dad80a75ea39dbe490ad22a0a12867a1c6b22

SHA512
18f23acdeb12da9a27db41ddbcacfaa3d3f9e17ca00620fb1bb5627b51ac1681e5b91bc53cc8c94f731019249efc5f13673f182d7da1b3535303affc35e063bd

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
c5b7dddb5fed8c12659c6873db39cb69

SHA1
8c8f949d293dc1c56fdcdcd2bce5f45495de1281

SHA256
4d2b9bd880a28542de0dde94ffbaa4782efbf71550c711e569d57f5da0e8e7fa

SHA512
d0fe633ddcd27c5287712e702e375d36f591589bbd745f32ecba3552b71039a586bda39e96fe0c99d19388543a7186750232bdeff14e52bce03fe7420c7d2cc2

Download Submit
memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1700-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download