4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 21:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
Size

116KB
MD5

3c2966dfa2a0fe2b216f36760e529cf5
SHA1

2333d840aa905f60e1993308a2ec595c3e101960
SHA256

4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43
SHA512

7406ee48ad98bdf808d908003dce6de16c3b09b90beeea48f70d78b6024c13ee73a8ab0ae09f903240186ac8fc81531d4f96420c0944b371e11dd67c972b119c
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hflix:hfAIuZAIuYSMjoqtMHfhflixio

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000c0000000143a8-2.dat	UPX
behavioral1/files/0x00030000000104b4-6.dat	UPX
behavioral1/memory/2344-76-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c0000000143a8-2.dat	upx
behavioral1/files/0x00030000000104b4-6.dat	upx
behavioral1/memory/2344-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libfingerprinter_plugin.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerEvaluators.exsd.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Thunder_Bay.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\management\snmp.acl.template.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-progress.xml.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\koreus.luac.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_transcode_plugin.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnscfg.exe.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Windows Journal\Journal.exe.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nipigon.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Midway.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Auckland.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_av1_plugin.dll.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe

C:\Users\Admin\AppData\Local\Temp\4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe
"C:\Users\Admin\AppData\Local\Temp\4f5fcac5eb0bc0f178e4e79f1d05d2e12e9b4c4a13f6727b2af07a34c0434a43.exe"
1⤵
- Drops file in Program Files directory
PID:2344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp

Filesize
117KB

MD5
2d15d4cd940ce64cbbb92769309c449f

SHA1
a6ca6e64dd0c266433a5e8cf7733c27f3685805a

SHA256
dd7604fb18ed9b2d4bf52625582cdbd35dc4e354e2862d3506fd9e65581b91b1

SHA512
c1cb5a33844b68a01b486f703945cb632e75436cacc9c8b8e1a98f54345ac913af688a94a80f214aeb2c360ad14e9b9540723a2f32db020c640f08af19ec2afe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
126KB

MD5
ee43c6c34ae4fdb709504b6fce1c217f

SHA1
f1763192439a51396febbe104fe3ece9d6ac0831

SHA256
db9c3a713fed45253565fa72b841fa6d2ec1f5ccd547f64cecf36ae437db2688

SHA512
537c17098bab7a9a6f6c55fd5744243b9b25e41f2355cc2d882e586ac30b8fd16ace3fee9f3c3d7268d41fcbde2b367ee8ddb18cc2c6c9e32e6c0bc8f9b86170

Download Submit
memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2344-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download