5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
09/06/2024, 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
Size

45KB
MD5

963d5f40ecbfb2d8366b9a6add324416
SHA1

0837e1a2ac7476a31a4d059e03dc9514e272b860
SHA256

5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9
SHA512

00b82d08434ed8f7bb701b0933efd7159ed9288c348dd2b52e5e1779fbbc1c0b9ee35d88a9903cb4609059f416d967d98172d8bb0a4e2e4c4d38625b93a944c8
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzb:CTWn1++PJHJXA/OsIZfzc3/Q8zxEU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3786) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/616-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b000000012286-2.dat	UPX
behavioral1/files/0x00020000000106a2-6.dat	UPX
behavioral1/memory/616-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/616-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000012286-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/616-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\MANIFEST.MF.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qyzylorda.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\reflow.api.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_livehttp_plugin.dll.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPDMC.exe.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Luxembourg.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_zh_CN.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\COPYING.txt.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Journal\de-DE\Journal.exe.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Media Player\es-ES\WMPMediaSharing.dll.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\Hx.HxT.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jre7\lib\jce.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-crescent_partly-cloudy.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_ja.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_hail.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\WET.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Mozilla Firefox\softokn3.dll.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgradfun_plugin.dll.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_m.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEODEXL.DLL.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MyriadPro-BoldIt.otf.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\main_background.png.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api.tmp	5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe

C:\Users\Admin\AppData\Local\Temp\5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe
"C:\Users\Admin\AppData\Local\Temp\5b6c90d4218efbcff1ed4dc63009176540db06d5acd21ee538d8216a162aa3a9.exe"
1⤵
- Drops file in Program Files directory
PID:616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
46KB

MD5
e199e85f3c40c0dd5c080767994cd5ef

SHA1
31de4cd1ded1392cf0be8b8324a69b66050d96e2

SHA256
25a7a180f34ed7280771e301ad1bf30f30524c43e039a2810be64c80b72bc7df

SHA512
9df87b91787bc903f641802d3fe819ba51fba80f149bfa4e25839faec6622fed341d1ff811674c550890e675b52b4e09887ba1029c8a781bcfa6702444bad7ba

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
55KB

MD5
caeb6d9706402d5237745683ad991e71

SHA1
500d9ea20ca2bb3979d4abefabcfea6f70e45b56

SHA256
c4bb4930a30d1c84d88fa48b8c4c269008d7a907689c64b3a7c1368d7ef68203

SHA512
b061b5815760a238de5a47b7f0ceceef8395ba5d78945ce6b4c14124f3d43d507092d88789b89046a821fa48fa869f418479f5e56c0b19f193b82969c5542c21

Download Submit
memory/616-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/616-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download