debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
Size

67KB
MD5

f4ccc7250410e0ea9e27b95b9ebe0a30
SHA1

dfe7808206bd6579ff20449dc24e64e2ae03892e
SHA256

debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517
SHA512

ac6f992212d96d6fca995601dfbe131efb5f9db68ecf8ff5b2af176b3374d754f9ac849000e63a79ff9b4358005a997b73578bef722628da21c9c4c7abb82c38
SSDEEP

768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXC:a7ZyqaFAlsr1++PJHJXFAIuZAIuN

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3538) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000b00000001226d-2.dat	UPX
behavioral1/files/0x00020000000104db-6.dat	UPX
behavioral1/memory/2364-660-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001226d-2.dat	upx
behavioral1/files/0x00020000000104db-6.dat	upx
behavioral1/memory/2364-660-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\gadget.xml.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\icon.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\PDFSigQFormalRep.pdf.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Guatemala.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\mosaic_window.html.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Luna.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\timeZones.js.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\vimeo.luac.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_hov.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Media Player\en-US\wmpnssci.dll.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.descriptorProvider.exsd.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libglinterop_dxva2_plugin.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_ja.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libsubsdelay_plugin.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_docked.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-new_partly-cloudy.png.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-heapwalker.jar.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-12.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d11_plugin.dll.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe

C:\Users\Admin\AppData\Local\Temp\debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe
"C:\Users\Admin\AppData\Local\Temp\debced1e17201aa410d4dbfb637e359cd8c84619d9fd970f4dc22fb12b9f6517.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

Filesize
67KB

MD5
9843db99d5ab039de9ce761c971a1010

SHA1
594e5444f343404cb7ee80488a6b76e53c58ff18

SHA256
083dca807864cc23e6884ec842d86fcff686c52965e5c8c0caeaf24dfbe1d6d4

SHA512
8414b5b226a232b6e6955c579b5e79943ebec4703e2485bda1450522dd3913cae341592dfc745bfc2d79375423a635d65d28cd41eeb333543be26e43dce64784

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
76KB

MD5
589a1bcf12bac634514b0bc210d2eff9

SHA1
54167d514854a0db9bb0808117abd50e8fdf082e

SHA256
97c204e0d5668562e9112ca709dc27062c554532d1c8b3fd6e8a058146b162a2

SHA512
9c7a011e892f00b87ce1157d44c98ea5f42665eac8c82c9d3dc7d63151187c1a66cf07b4e529f8358cd3e8e62c215cebed82569a66d57ba1edcab88b713fa303

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2364-660-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download