Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 11-06-2024 01:39
Behavioral tasks
behavioral1: sample a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe, resource win7-20240221-en
behavioral2: sample a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe, resource win10v2004-20240426-en
General
Target: a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe
Size: 80KB
MD5: 7f5cbb22e110840f854e9c0971ac1d65
SHA1: e761f30b25a336e40e7c79ef6d644c710dc66d83
SHA256: a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee
SHA512: dc316e3d9842128821d1b515fe180e6953d623c4709c3fdf28568df1fcbbb311f4ba0261a472d39c00ec2ab11462406dc8573acf8a3bc7a2d680e99a89e68008
SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsTq5q9BVI2Il:fnyiQSohsUsWU9BK3l
Malware Config
Signatures
Renames multiple (3534) files with added filename extension
This suggests ransomware activity: bulk encryption of files across the system, each encrypted file being renamed with an extra extension.
UPX dump on OEP (original entry point) 4 IoCs
Each of the four resources below matched both the UPX and the upx yara rules. The two memory dumps cover the same 0x0000000000400000-0x000000000040B000 image range of PID 1984, captured at two different points in the run.
resource                                                                     yara_rule
behavioral1/memory/1984-0-0x0000000000400000-0x000000000040B000-memory.dmp    UPX, upx
behavioral1/files/0x000c00000001450b-2.dat                                   UPX, upx
behavioral1/files/0x00020000000106dd-6.dat                                   UPX, upx
behavioral1/memory/1984-650-0x0000000000400000-0x000000000040B000-memory.dmp  UPX, upx
Drops file in Program Files directory 64 IoCs
All 64 entries are "File created" events by process a92e75f4d614847e1d8957bcb1940e20e6f1b8d80c987a6216cc9126cdc86eee.exe. Every path is the name of an application file with .tmp appended, which, taken together with the rename signature above, is consistent with the write-beside-then-replace pattern used by file encryptors.
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp
C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-hot.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\trusted.libraries.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp
C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.json.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext-down.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml.tmp
C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp
C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp
C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rssBackBlue_Undocked.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.tmp
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\fr-FR\calendar.html.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\2d.x3d.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\timeZones.js.tmp
C:\Program Files\7-Zip\Lang\ka.txt.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Tokyo.tmp
C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp
C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-common.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp
C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp
C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\icon.png.tmp
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.STC.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\epl-v10.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp
C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\css\cpu.css.tmp
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\settings.html.tmp
C:\Program Files\Java\jre7\lib\ext\access-bridge-64.jar.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp
C:\Program Files\Windows Media Player\de-DE\wmlaunch.exe.mui.tmp
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_disabled.png.tmp
C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp
C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp
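The two file-system signatures above (mass rename with an appended extension, mass creation of .tmp files across Program Files) both reduce to one count-and-spread heuristic: a single process writing <name>.<new suffix> beside many files in many directories. The script below is an added example of that heuristic, not part of the sandbox report or of the sample; the event lines it parses are constructed for the example in the shape of the report's "File created <path> <process>" rows plus an assumed "File renamed <old> -> <new> <process>" row, and the process names (sample.exe, winword.exe, installer.exe) are placeholders.

```python
"""
Count-and-spread heuristic for the two file-system signatures in the report:
one process writing <name>.<new suffix> next to many files across many
directories. Sample events are constructed for this example; they are not
sandbox output.
"""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Line shapes: the report's "File created <path> <process>" row, plus an
# assumed "File renamed <old> -> <new> <process>" row for rename events.
CREATED_RE = re.compile(r"^File created (?P<path>.+) (?P<proc>\S+)$")
RENAMED_RE = re.compile(r"^File renamed (?P<old>.+) -> (?P<new>.+) (?P<proc>\S+)$")

# Constructed events. "sample.exe" stands in for the analysed binary; the
# other two processes are benign noise to show the thresholds doing their job.
SAMPLE_EVENTS = r"""
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp sample.exe
File created C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.tmp sample.exe
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp sample.exe
File created C:\Program Files\VideoLAN\VLC\New_Skins.url.tmp sample.exe
File created C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp sample.exe
File renamed C:\Users\u\Documents\report.docx -> C:\Users\u\Documents\report.docx.locked sample.exe
File renamed C:\Users\u\Documents\notes.docx -> C:\Users\u\Documents\notes.docx.locked sample.exe
File renamed C:\Users\u\Pictures\a.jpg -> C:\Users\u\Pictures\a.jpg.locked sample.exe
File renamed C:\Users\u\Pictures\b.jpg -> C:\Users\u\Pictures\b.jpg.locked sample.exe
File renamed C:\Users\u\Desktop\budget.xlsx -> C:\Users\u\Desktop\budget.xlsx.locked sample.exe
File created C:\Users\u\AppData\Local\Temp\~DF1234.tmp winword.exe
File renamed C:\Users\u\Documents\draft.docx -> C:\Users\u\Documents\final.docx winword.exe
File created C:\Users\u\AppData\Local\Temp\setup.log installer.exe
File created C:\Users\u\AppData\Local\Temp\setup2.log installer.exe
"""


def parse_events(text):
    """Return (op, src, dst, process) tuples; src is None for create events."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = CREATED_RE.match(line)
        if m:
            events.append(("created", None, m["path"], m["proc"]))
            continue
        m = RENAMED_RE.match(line)
        if m:
            events.append(("renamed", m["old"], m["new"], m["proc"]))
            continue
        raise ValueError(f"unrecognised event line: {line!r}")
    return events


def appended_extension(src, dst):
    """Suffix appended to src to produce dst (lower-cased), or None.

    For renames, require dst == src + ".<ext>" so draft.docx -> final.docx
    does not count. For creates there is no src, so the last suffix is the
    candidate; a host-side detector should also confirm that dst minus that
    suffix already exists (assumption: not checkable offline here).
    """
    if src is None:
        p = PureWindowsPath(dst)
        return p.suffix.lower() if p.suffix and p.stem else None
    if len(dst) > len(src) + 1 and dst.startswith(src) and dst[len(src)] == ".":
        return dst[len(src):].lower()
    return None


def score_processes(events, min_files=5, min_dirs=3):
    """Per process, count appended-suffix writes and the directories they span.

    A (process, suffix) pair is a hit when it reaches min_files across at
    least min_dirs directories; spread is what separates an encryptor from a
    tool that writes .tmp files into one working folder.
    """
    counts = defaultdict(Counter)                  # proc -> suffix -> files
    dirs = defaultdict(lambda: defaultdict(set))   # proc -> suffix -> dirs
    for _op, src, dst, proc in events:
        ext = appended_extension(src, dst)
        if ext is None:
            continue
        counts[proc][ext] += 1
        dirs[proc][ext].add(str(PureWindowsPath(dst).parent).lower())
    verdicts = {}
    for proc, per_suffix in counts.items():
        hits = [(ext, n, len(dirs[proc][ext])) for ext, n in per_suffix.items()
                if n >= min_files and len(dirs[proc][ext]) >= min_dirs]
        hits.sort(key=lambda h: (-h[1], -h[2], h[0]))
        verdicts[proc] = {"hits": hits, "flagged": bool(hits)}
    return verdicts


if __name__ == "__main__":
    for proc, v in score_processes(parse_events(SAMPLE_EVENTS)).items():
        print(f"{proc}: flagged={v['flagged']} hits={v['hits']}")
```

With the defaults, sample.exe is flagged on both suffixes (.tmp across five Program Files directories, .locked across three user directories) while winword.exe and installer.exe stay below threshold. The thresholds are deliberately small for the constructed input; the report's own count (3534 renames) shows how far a real encryptor overshoots them, so in production the spread requirement matters more than the raw count.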
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 81KB
MD5: 78cfc89473df222e9f99e89262a38cfb
SHA1: 91eaef750e48ea72d214896244993d13cdef4dcd
SHA256: 17f2718016f4e90cdcd06b752fb4541c280789cb1f8074e8330069a53dfb73c1
SHA512: 992d56646000e0583894555c079ff176684878621d9f71d762418eb837e4fc32a42391e0c776cf340e5e9b0b35fd61535990034b466138b5caf27f1be8cdec8f

Filesize: 89KB
MD5: f2b0eddd0cd10a3bb6d9a62eeb1711c6
SHA1: ad41dce423daf235ae41d76539d3701fbcc18289
SHA256: 2c4006ea1c85bb1ba53ec06d7d962fc1afddebff56e8101f746ed38db5f7a863
SHA512: f664aa420b52489d36cf2b37ec8537356e851d170ba005cf786604c76725c012c9a3537f978b52d8a013366ecd6310cc7f0d7bb81ea38b7cd3ef790095e55fcc