ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14/05/2024, 03:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
Size

107KB
MD5

7b326da426540c4c068a723628b57baf
SHA1

0c79a980d03bab5842a8f16ce1b930827b3a4d90
SHA256

ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153
SHA512

9a70b4412d1a3f7ef7add12cdb0da7f33b5def65c4df0c198be6657ea55edc642eeb0767186f48e5378241057c5c6587ab7b75af76a5fdacfe5c2abd6b49f48f
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfOG:hfAIuZAIuYSMjoqtMHfhfl

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3445) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2284-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000a000000012280-2.dat	UPX
behavioral1/files/0x00020000000106a2-6.dat	UPX
behavioral1/memory/2284-76-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012280-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/2284-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libsatip_plugin.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-desk.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-editor-mimelookup.xml.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\gadget.xml.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgzm.exe.mui.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.WorkflowServices.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_dot.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\cpu.html.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\dragHandle.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\libvlc.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsFormsIntegration.resources.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java_crw_demo.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\clock.css.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\css\clock.css.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\SearchSplit.wmv.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jre7\bin\dcpr.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Resources.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\clock.html.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe

C:\Users\Admin\AppData\Local\Temp\ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe
"C:\Users\Admin\AppData\Local\Temp\ebe3963620a3f697c2e6d624f25187fad784907008db641de3c2e6028be75153.exe"
1⤵
- Drops file in Program Files directory
PID:2284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
108KB

MD5
90cd6b1f9cc232892cb840105c1781a8

SHA1
6941a3e43b5abbcd58d8c0b63f5528a346b8d9fb

SHA256
90737befe657a0810532edfe0b7ba5cb42271d107dbdd783ffcca4fa2def6c01

SHA512
35a5e59718470f3b6b218f22219ddb5a86d866708465b94b80f5837675207179ad9d76e8f3f8a060d6d2925f47bfae3a329c9762e1697e4200dc64f81dd87a6b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
117KB

MD5
bb1713ce7cc37cb584c319d03e3ad3f4

SHA1
bb9560e1d911aebc00601365c90e77fea115133d

SHA256
8394bbab0eb5aaee3a362b492bdeed35fd9080baeb3e5d813d83c4a4d8714d5a

SHA512
2b2a378e015d7fbff5fe087970ff680b10ced9945e94b2b7e137dd28e0683d8cad4baccc89cf7814d8f17a671b90e3862de9a3f13eaf490f080fbafd493adc94

Download Submit
memory/2284-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2284-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download