67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
Size

138KB
MD5

5ec2ca34485f0ee837c82fd0b17226b1
SHA1

022beb9d53f784b3f38cc72df9ef0ef5f929c9e3
SHA256

67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4
SHA512

3ae1b4a3cc1f42c255b664d39c953c40ccf04b20c9f48046540ee7ca8b5d8715c4c928d1e9581480b35bea968dde66a23b07b71125e2a40643bfabbb9639fd13
SSDEEP

1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSC1:fnymCAIuZAIuYSMjoqtMHfhflixi8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3083) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/360-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000a0000000122b8-2.dat	UPX
behavioral1/files/0x000200000001048b-6.dat	UPX
behavioral1/memory/360-402-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/360-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a0000000122b8-2.dat	upx
behavioral1/files/0x000200000001048b-6.dat	upx
behavioral1/memory/360-402-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Louisville.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-favorites.xml.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_ja.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Selectors.Resources.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IdentityModel.Selectors.Resources.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.repository.nl_zh_4.4.0.v20140623020002.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\be\LC_MESSAGES\vlc.mo.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\UIAutomationClient.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console_1.0.300.v20131113-1212.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tl\LC_MESSAGES\vlc.mo.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.IO.Log.Resources.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+9.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\fr\LC_MESSAGES\vlc.mo.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\vlc16x16.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.filesystem_1.4.100.v20140514-1614.jar.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png.tmp	67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe

C:\Users\Admin\AppData\Local\Temp\67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe
"C:\Users\Admin\AppData\Local\Temp\67ab2d61dcf5e7de7ea098fb4a9e17e82cadff490e8c61bc7450162ca29eb4a4.exe"
1⤵
- Drops file in Program Files directory
PID:360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
139KB

MD5
c03a1e36922c772f81e50fb6dab86cdb

SHA1
974bdfd2f883457929172df765cb24f9edf89145

SHA256
66c03a7647506d3ffb5e1c36a9e4623c5ba867fb0b2a36dbb2812ce2a5d4388f

SHA512
434e54474b7bbe573c731a3a934d389881d8176fe86b632b78703b78cd763ef26024b7a9545ddd94d2116b468dd12cb7e3bd6e299b8a0e607ed9cdabddc4a477

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
148KB

MD5
add709a0551cf30ced795028ccfb4cb2

SHA1
7f8ef18b19d709800d4daeec52b6312bdf224625

SHA256
1bc117146f39d8ffe7510dc7a70aeea723a315804fed32a47a7a8c287532d73a

SHA512
e5baf5bd176448e9340bb5bc84928eda4ec13d9142716749c67b048b45f9382b3dc064bbb8099dc9acc5e7071ffdbe8caaf947990065eed527918cb03d8c2430

Download Submit
memory/360-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/360-402-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download