1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
27/05/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
Size

68KB
MD5

5b66fc912abe94167f4a53f8a7d37c93
SHA1

282c5d62080049fa9283f9add88823677a340377
SHA256

1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c
SHA512

f4e0d74be1e3a207c43d8c13963c1790aefb6ec0282d6c59b9081726511449b5747f865c78bfc53b8dbe18faef8cdfe7d2cc06ebd73fbc4403c9f5449504b9b9
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZISWh7SWh30Da0De:+nyi/SWh7SWhT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3688) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3016-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d00000001227e-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/3016-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mauritius.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMCCore.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_wav_plugin.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Mail\wabfind.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmlaunch.exe.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cuiaba.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPDMCCore.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-gibbous_partly-cloudy.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvm.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Speech.resources.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\settings.js.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-charts.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Other-48.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Media Player\wmpnssci.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\js\highDpiImageSwap.js.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\send-email-16.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.pb_2.3.5.v201404071733.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\css\flyout.css.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Shanghai.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent.ini.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\6.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vienna.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Lima.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe

C:\Users\Admin\AppData\Local\Temp\1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
"C:\Users\Admin\AppData\Local\Temp\1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe"
1⤵
- Drops file in Program Files directory
PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
68KB

MD5
6fe5d2ec7171a54cca90be8d688fc115

SHA1
077d08a21327c1c7ae909f9adaac82c57b7222f7

SHA256
427af853cd5fa12288c88f1d4f8575182e9d2dceb7a2ac798b248bd26bbd5d2f

SHA512
e869581e0b78cb166c1c23af40ea08be7c42f30e559103b0be9fe986cddfdbb97988087ad1d953fc0c8c427d863d4cf86ecff18e437a65028b765c1ef1d19359

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
38efe4eeb80590ce52fc0a022e3b90e3

SHA1
d443c839141e60c948afbe1f60f24a37d9c35635

SHA256
18be333d37d537ee66734f5a39c19daf4842ad07bdd4693fa2f7499d49ec8fad

SHA512
356853ed5254bc25dd7ceb5d2c8a6dbca5f1f6c6d7f6e34c046da30efcff405e7eca9399b8d8b758d7087497c3dbb505d723dfff4ca609b3d9e02a322134b3c6

Download Submit
memory/3016-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3016-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads