453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
26/05/2024, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
Size

1.2MB
MD5

6c5dc914873107c8cb9282c6624053a1
SHA1

75978d2882828a167c49a350e0dbbc836e5498b1
SHA256

453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059
SHA512

582f955adfaae570974f0464fc73677fb5107507ff12b78323c27f22bcf53dc23f97e942887ac410e6f2ec52decacb2243ec8731d966c1a5befbdd55f11cac03
SSDEEP

12288:KQtyZGtKgZGtK/CAIuZAIuezr6jU7RomhL5DNMuv1cmnIjvYf8mQCmlRvNm1A4bH:KItpzr0uRd7AnYszmn0E9UYy29H5+jb0

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (819) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000c000000012263-2.dat	UPX
behavioral1/files/0x000200000001048e-6.dat	UPX
behavioral1/memory/2204-70-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2204-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000012263-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/2204-70-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Nairobi.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.jar.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Atikokan.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\desktop.ini.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jayapura.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Internet Explorer\F12Tools.dll.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe

C:\Users\Admin\AppData\Local\Temp\453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe
"C:\Users\Admin\AppData\Local\Temp\453423f00856b7bb0037fca5ec59554ff0e87936223161d78ef72d5d07592059.exe"
1⤵
- Drops file in Program Files directory
PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
1.2MB

MD5
1d3d3e4b10b9d98eeef925c92d0189c2

SHA1
eac366956e17f409aa99d508469d6d23b9758205

SHA256
ad3249dd5cb65705eb3e70e3b7bdb9e6837d2a9a267e83572ef678566e44f953

SHA512
2ca04d7245ca5b9c546ed7e60016c552e4a17a0b19a4e37163d50ac3297bdeb5b055ec9123539f930dd68ec9cccd56da201f412fc986f3bd9f6f447fbd040c7b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.2MB

MD5
f82e38f13f1b1b9e25ee629fad33956b

SHA1
da3cee6b5500594147f313b21d36776439272596

SHA256
b4fbbce3e3d4ce30765445476d7ac8d04dd6b6e0c58086ceb63e1dba51470400

SHA512
94c5932275c81baa99c5aee5c21b22f5d880c6125fae72094874342c959cb445b6be507a147e4ba450eb68164490d520e117bbe5e036f1712c1dedc6ade52ffc

Download Submit
memory/2204-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2204-70-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download