45fa81742a04a0adc78077de6ea4bb24b7cc295008fc4c60aec346d73e16a3f3

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
17/05/2024, 14:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

12c878514c13da385f62432a0567f504.exe
Size

49KB
MD5

12c878514c13da385f62432a0567f504
SHA1

841f5a79c8cbf7d1a092a0a064d9721b1e3f9bd1
SHA256

45fa81742a04a0adc78077de6ea4bb24b7cc295008fc4c60aec346d73e16a3f3
SHA512

4a4e68c17244e6d5dadb65b43e5c212c08bc5fa626a3b18ddf0eca4b1ba92042e7e804db42681ff661da65d410ae388833afb02a908a9d60fd26f92d265cf3e4
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFxS:CTWn1++PJHJXA/OsIZfzc3/Q8xJJMJJR

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3547) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012286-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/1728-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gu\LC_MESSAGES\vlc.mo.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ffffff_256x240.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\picturePuzzle.html.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\8.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows NT\TableTextService\it-IT\TableTextService.dll.mui.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\css\currency.css.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\fr-FR\gadget.xml.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Resources.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libinflate_plugin.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vincennes.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-core-kit_zh_CN.jar.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs-nio2.jar.tmp	12c878514c13da385f62432a0567f504.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application_zh_CN.jar.tmp	12c878514c13da385f62432a0567f504.exe

C:\Users\Admin\AppData\Local\Temp\12c878514c13da385f62432a0567f504.exe
"C:\Users\Admin\AppData\Local\Temp\12c878514c13da385f62432a0567f504.exe"
1⤵
- Drops file in Program Files directory
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
49KB

MD5
dc514ecff3eabd69f5db09ee22826b82

SHA1
c6fbf547c3dae1ba6ac8465a8a7bcc4d8dc7813a

SHA256
7afb1aaea1f849cda00884e3864fb40f6f2e83044eff43dd0bbd53ce4a0a718e

SHA512
f520811730a4e01aaa5f52d67c0e08251126733a6aacc8af2586fb7969d27439cbd921238124df99f5ad01b33bc96ae6c4e160dbf558c78bbe44de657b039e2f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
199e339c6f13d94712b6f7c0869f2041

SHA1
2f1434c7196777e3c6d3eebc67710a4e3a180b0a

SHA256
0c3f52e66c2ca60dd468ebee52887c36a83855cc9e324f7452873f6657a5d7c6

SHA512
61f88658f6363f47c51bd8dc483a1866b6168a59d85b8ba0c0374f2f08f00075373589068f00d6faceb83ddd6820b0c172160886055faee119e88d58a13f3130

Download Submit
memory/1728-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads