e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29-05-2024 03:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
Size

52KB
MD5

7b2a015924d0c41732211c970b575344
SHA1

0d1fd47a80a14ccef3eb264e09e6754be3072387
SHA256

e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077
SHA512

8a8a7198d4b116cfb0694cfc954579cd64d28ff6a8b9ca3a6c8a114ee68dd4dc5da780d492ad9e054a61d598edcd94b73ff56e540832eaf617cec4efb38acc81
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzD:CTWn1++PJHJXA/OsIZfzc3/Q8zxx

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3705) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000a000000012280-2.dat	UPX
behavioral1/files/0x00020000000106a2-6.dat	UPX
behavioral1/memory/2056-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012280-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/2056-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_ja.jar.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Xml.Linq.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\picturePuzzle.css.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\css\settings.css.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Costa_Rica.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\drag.png.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Irkutsk.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\DigSig.api.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaSansDemiBold.ttf.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\init.js.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Internet Explorer\Timeline.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net_1.2.200.v20140124-2013.jar.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoAcq.dll.mui.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_dummy_plugin.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Media Player\WMPDMCCore.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libimem_plugin.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\js\calendar.js.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Defender\it-IT\MsMpRes.dll.mui.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_m.png.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\settings.css.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\13.png.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-Bold.otf.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe

C:\Users\Admin\AppData\Local\Temp\e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe
"C:\Users\Admin\AppData\Local\Temp\e34d46115b71a46c8b4aacc04e149f7853051bd978e8108317ef133d63992077.exe"
1⤵
- Drops file in Program Files directory
PID:2056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
52KB

MD5
cfa72ba33926c7c6534e55ea1f432231

SHA1
ac98832b49e5a79ffdaacdce82e2ca077e9fcfb2

SHA256
77f47025133bbbd670e24cfdb0d5ef1ac1ccdf1d0a3f08137b9fc49efe041572

SHA512
0139bb6c3e3a57f3a6295fa0ed970fe82f05f4c531603036f456bdb40cc8ac05fe32487f4dab684c86afe68a6ebaad47b7b8d04fc4f5ce137f7d950cfff7822a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
250748b65a189c09af68bf6db97fd241

SHA1
5c32f68f99cfe9c7daec97c4e4be2c4065f2fba8

SHA256
b6972398a9c9f3445da65a191469ebe01fb824dd52c6e37a91ad210650006e63

SHA512
ae96c4a1f95e2ffbdc67fe1365086da05c5f2a163ec6dbff9b58bdfe26a0865ccf8cb26d39678a9ef9fba6412b686ffc22c79418f280d848dbdab7fbad8a07e6

Download Submit
memory/2056-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2056-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download