b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
Size

40KB
MD5

9133c45c4dc2bc40a8721d6ea5384ea6
SHA1

3d1466aa0edb7880d16b171f8ac10f3b416a69b3
SHA256

b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647
SHA512

add4d293f4de44dbe0d260bed36e3d7c35b3e00ec6650709460acc9215ae8f3900314b4cdfbabf2eba2ef10920418675ecd2982a2767e81f754162d9181402c1
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFc:CTWn1++PJHJXA/OsIZfzc3/Q8c

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3501) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1676-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b000000012274-2.dat	UPX
behavioral1/files/0x00020000000104aa-6.dat	UPX
behavioral1/memory/1676-76-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1676-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012274-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/1676-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\cpu.js.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_ja_4.4.0.v20140623020002.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-windows.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_srt_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libedummy_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libaddonsfsstorage_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_h.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-queries.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_zh_CN.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\view.html.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Mozilla Firefox\d3dcompiler_47.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\service.js.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-progress-ui.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.ibm.icu_52.1.0.v201404241930.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Campo_Grande.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\RSSFeeds.js.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-applemenu.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwingdi_plugin.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe

C:\Users\Admin\AppData\Local\Temp\b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
"C:\Users\Admin\AppData\Local\Temp\b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe"
1⤵
- Drops file in Program Files directory
PID:1676

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
40KB

MD5
76ab3d96f759f3dfde5d098f813660ed

SHA1
2b73ec15b0dc77375f68f6c46a7479ccfd964949

SHA256
019e4ed223c58f15f5ca1ea6968c198da13763c8decc0de6eae9a23fb482ba14

SHA512
943ea9d457488273e3ce84af16ebb357b2df8fd2703f83cee29c607dd64751b74ee4aa86ef826a787faad45dd4f07e26af007b10034469211fafa7d33859f4c5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
9fe1a0bec639c0570b1d6cc99b3ad659

SHA1
e2348608600ad56a4f6546d7385a68ceac0e7530

SHA256
ad35a4d9f36f1da3ef2a2afda5690a5d56db6663708dc4c76cb0604b360eb605

SHA512
f6282f11513b93fb26afab26bec74fafb0c7988be0bc3b34046e2988cecdff1acb96c986ca685637fc5f2e0c83a4ae0d6297375147a225115f5151d118403163

Download Submit
memory/1676-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1676-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download