cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
02/06/2024, 02:49 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
Size

71KB
MD5

924823d2d6ecf7aee10096f9ec44c25e
SHA1

30cd8822a6647f14f17e38568e4edbdae38e25b8
SHA256

cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6
SHA512

93b856c76668dd7d50f5c62c3952974048fe965a48832fd4491aebb08ff546dfc7710bbe798e71a4018c1ecf3cd706f65716e762221dbc5685957d0a048b1640
SSDEEP

768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmzWzXUK:67Zf/FAxTWY1++PJHJXA/OsIZpPEIUu

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3508) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/992-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000c000000012279-2.dat	UPX
behavioral1/files/0x000200000001048e-6.dat	UPX
behavioral1/memory/992-652-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/992-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c000000012279-2.dat	upx
behavioral1/files/0x000200000001048e-6.dat	upx
behavioral1/memory/992-652-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssui.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\alertIcon.png.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Noumea.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.DataSetExtensions.Resources.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yerevan.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AGM.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Mail\es-ES\msoeres.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-6.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\js\slideShow.js.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Microsoft Office\Office14\MAPISHELL.DLL.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\it\LC_MESSAGES\vlc.mo.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.zh_CN_5.5.0.165303.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower.png.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\libmarq_plugin.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_zh_CN.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\css\currency.css.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\de-DE\bckgRes.dll.mui.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe

C:\Users\Admin\AppData\Local\Temp\cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe
"C:\Users\Admin\AppData\Local\Temp\cbcfd6b5c1e1aeb9dcd174e7a221231b2895658489e241c542bbee27e2e670e6.exe"
1⤵
- Drops file in Program Files directory
PID:992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

Filesize
71KB

MD5
bffa15948a2b8914183291fceb95f981

SHA1
73496668c46ec4c42b3861ec68a95c534f2167bb

SHA256
36a0050188bd389f03285a01ae65766a6d95505fa9d78c90aa1cfec7aeb9a67f

SHA512
62c4ab2c49779d0f78dfbcdb41b77bfdd6c846dac62c2f084bd687e87ed4bddf2b5e8df218e88e35b5d39f78624d04e92395949a3d31520c3f0f7419ec46571e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
80KB

MD5
1ada76d54782e28e5832d8d8d4bc96bb

SHA1
727958d4fafe52828e8048ceb537b24ff75f9bb2

SHA256
6dc622129858fd46af1f6d8934c04e029a2d04732d7131b1d3c430dbed0bf4c3

SHA512
4f7f9729163583d305b0719095449cafb8ec5e41ed5cffd66f19f7577cc0dfe44001d01f6ca196828e6b94a41742ebb52a874258acc9d1776d126ca26abca176

Download Submit
memory/992-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/992-652-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download