38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-06-2024 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
Size

751KB
MD5

207b401ecabf0e8a44f903aca2ad3df8
SHA1

ef693d5ff3b4ee3b482b5400522bb4a8757f54fc
SHA256

38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79
SHA512

f5caa2500653f80d051dfb10b3171163fe7d8c74c6503b43a11ae22e759d2ad9c06102793822d0cd0753e49bd1b3956b01fc382c9259b708bdc6570707789991
SSDEEP

12288:IAIuZAIuOVdo4Mxdz68XUdWnGsTefBAZUNHPK5ywHeG5QuKfeoy7UNCfwnmoeAIM:NVdo4Mxdz68k3IESsJVdo4Mxdz68k3Ii

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1354) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000a000000012286-2.dat	UPX
behavioral1/files/0x00020000000106a2-6.dat	UPX
behavioral1/memory/1728-162-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000012286-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/1728-162-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util_1.7.0.v201011041433.jar.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.zh_CN_5.5.0.165303\feature.properties.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\file_obj.gif.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe

C:\Users\Admin\AppData\Local\Temp\38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe
"C:\Users\Admin\AppData\Local\Temp\38907ec90fc4a2fa4e73a838ff05e802bafbfcf0300ffef1d2c7257846851d79.exe"
1⤵
- Drops file in Program Files directory
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
751KB

MD5
2e81e9dda8a13ba447bf47deb31b1150

SHA1
d02ee3dfe21049d06684f3c874bd28ef2f6eee0f

SHA256
c3e01b90daceddd7acc8f5504227ff4e41ec515534eee74dff1d439e4b029cdc

SHA512
41d6136cea36978823714400b14d54f2b00c207451e1443947bb838e06b66ea6d9b8ab86eab251e5e759c109989732b2685df05c60e22afc6e55ba4b6b3ef498

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
760KB

MD5
1a2970730acdc311c30f79d18571dc7c

SHA1
966f1b325d7f96ef50f03cadafa9a9e8eadcb435

SHA256
0d67289b13b4948853a5422ebdd4cf1e8769e34401a966cfe7b76e6ed51e83ff

SHA512
60452a539e7542b6c97e146031e0f51aafca7657992481d7ec3a9e4cbd264d33e1bcb0cdd2244902b7419515abdb1e0555e05f829c634847f8be4e02be91746f

Download Submit
memory/1728-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1728-162-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download