eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
Size

97KB
MD5

5b45615cb3c69f90da922be19952bfff
SHA1

1766cfca9445e41089eecc1910b9828af667ea8d
SHA256

eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6
SHA512

23db5dc901204f6dc096a0b5ea2968789efdc3cddea45b19a8c0f767472d98f87f9829aab424f0e81da79af5abf197f82e809dd0c553cd7003f58281daeb74f7
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfw:hfAIuZAIuYSMjoqtMHfhfw

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3452) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2128-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000f000000012272-2.dat	UPX
behavioral1/files/0x00020000000104db-6.dat	UPX
behavioral1/memory/2128-80-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2128-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000f000000012272-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/2128-80-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_Loading.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\blacklist.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.artifact.repository.prefs.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jre7\lib\jvm.hprof.txt.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\PresentationCore.resources.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationCore.resources.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.jpg.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\currency.js.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_top.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di.extensions_0.12.0.v20140417-2033.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\rings-desk.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macTSFrame.png.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\GRAY.pf.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-explorer.xml.tmp	eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe

C:\Users\Admin\AppData\Local\Temp\eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe
"C:\Users\Admin\AppData\Local\Temp\eb828ba0e243b4f993b6afd09566186d3c4906ae7bccf91f91552a9bd3a081b6.exe"
1⤵
- Drops file in Program Files directory
PID:2128

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
98KB

MD5
589249bd98a48084a8c14a6a717e1ef9

SHA1
5f1d39dc5159e97afc0d3abf845d239c8ce55427

SHA256
4d749dc5c125ada3afc0ac971e2a23f7fb753f6bf9926c112866cc8f63a35bf8

SHA512
83869033b4981ad5f9b3eb916a7dd7d4fa4bcdcec3f7778c7184791b5b2b6778a959cef0c468afc7f077dd0bde76f8d156908faa225e6eb5de9f099e397d8d54

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
107KB

MD5
4c63caa5abb728d4f520dd37ea229dc6

SHA1
30440a565498aa346f2e0391279a5242e2b2358f

SHA256
2c4eab3916754baf56cd4f9091d833446b42f137f24ecec8593a4dd4219f2d50

SHA512
239950f5860fc6a456f247513c0939df10e0f2497ace24f6c4b85586b5a25286a7d0562b48134151a91bb0acc9610033230b0a0893d94cbf3dd872c74759dab7

Download Submit
memory/2128-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2128-80-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download