a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
Size

165KB
MD5

82aa132a94d3d8439cdd950fefa887df
SHA1

13a3ad819ede8226df4184f120f2c1dee3349c4d
SHA256

a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b
SHA512

43eafc0a9faa87d6c587211cfe5dd54e3ab752e94f5cd16d2ebaf22442727d0eca2addbd0cfeaacd3701e22fbe120c104990e2ef511c80a0c8d3ba860eb07417
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q1pkMJ+ZGtK1+ZGtKQNMdTajOtGtU1wAIuZAIuJBn:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3185) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b0000000144ac-2.dat	UPX
behavioral1/files/0x001c000000010439-6.dat	UPX
behavioral1/memory/2352-74-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b0000000144ac-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2352-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thunder_Bay.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-io-ui.xml.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector_1.0.200.v20131115-1210.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-ui.xml.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\RenameInvoke.raw.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-settings.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\UIAutomationTypes.resources.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Cayman.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Microsoft Games\More Games\ja-JP\MoreGames.dll.mui.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp	a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe

C:\Users\Admin\AppData\Local\Temp\a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe
"C:\Users\Admin\AppData\Local\Temp\a2a31091ff9d017223dc961a64fa2d2b07b560b5fce5e7c4376437934089c82b.exe"
1⤵
- Drops file in Program Files directory
PID:2352

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
166KB

MD5
1cffd36829d5bd8c73c90778d2946045

SHA1
8bd1373ba952aeb2e3fcd18efb83dc36a7483fcd

SHA256
887665405695ad2a1c41dd106b54a67ec805bc9f6a9e41f0f7f9a331000e54b8

SHA512
d43181231d67268d1b1c892d9bb83d874f3912b317750c02ec575780243596503ee82acde3ed50daf4dfbc8c8168bc84e111bb5c009ebd2b56022431e6c53c81

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
175KB

MD5
50a467307f1c04e504521dcb87d578e6

SHA1
94fca2fe566fa503d3cac48e752e7612530a48bb

SHA256
d74f0da1ad03a605bd02545df52efb1c7b0e99e8a35982a52754500d8d92bfbe

SHA512
1ace1aab958bc2a90f6f116303871e6cd4411e145dc923bc856909c43539b2db51a7ede366d7e12e7d6f305bf967846ab91829798f3c2681c418aadfd933cee3

Download Submit
memory/2352-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2352-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download