4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
Size

110KB
MD5

04bee44550aa144a6606ebc1ff8373ee
SHA1

e616ef93926813d28371cd5697625848fc4fd69f
SHA256

4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38
SHA512

459650fd7c0c57ca601c73df86648f5ed8829144f04fac089a9eebcbfec7a69312e47673bf64131e1ab5f400a539b9396fe12ac6d9168e639b10c3892c8caa28
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xS:hfAIuZAIuYSMjoqtMHfhfn

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000d000000012336-2.dat	UPX
behavioral1/files/0x0002000000010679-6.dat	UPX
behavioral1/memory/2728-74-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d000000012336-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2728-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_zh_CN.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Windows Mail\MSOERES.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\DVD Maker\Shared\Common.fxh.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre7\bin\jsound.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Folder-48.png.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpAsDesc.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmirror_plugin.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-private-l1-1-0.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Windows Media Player\de-DE\WMPMediaSharing.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\vlc.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-util.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-modules-appui.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bs\LC_MESSAGES\vlc.mo.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\skins\fonts\FreeSansBold.ttf.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Windows Mail\it-IT\WinMail.exe.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\zip.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClientsideProviders.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsFormsIntegration.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_zh_4.4.0.v20140623020002.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libcompressor_plugin.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe

C:\Users\Admin\AppData\Local\Temp\4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
"C:\Users\Admin\AppData\Local\Temp\4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe"
1⤵
- Drops file in Program Files directory
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
111KB

MD5
e781b08522c32de3b2e8a8a0abc4c82c

SHA1
12364748c808769a3495fe2fad718eecdbfc6b43

SHA256
3755933e4e41301936144f275f7ef2153c69fb139891b3b7fc0b7a3f79e04003

SHA512
1b8439e1a190dfe2f4989e168b4e2320592a22b3066ea683f062e218cfec48ca4f8a9aa37b0cb71019b273d30141e5ef6660eed5bbfb993d24989415d351a43d

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
120KB

MD5
83ef667d9f0aac78bb7eb7e635d82f8d

SHA1
c8e0f5850cb40631d2a828ae92104738163fa283

SHA256
3ee4a676945e019c9256fb5ab8ecb6653a7211bd5ca64a2a02f8de19379e1d6f

SHA512
ca2c7eb0003757340be2099bba8e00de4426beb8c06f20a382c721a70a2e25906b136d9a2ad289d83f82ccdf923400571e12fd597fc49c02e6595fb50ef8916f

Download Submit
memory/2728-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2728-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download