dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 05:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
Size

118KB
MD5

93e828f97b63b00913a534ee8e59fb04
SHA1

d643cc4724784660d3e8f1db84c380f53b016128
SHA256

dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110
SHA512

053c60eca9cbdd4c426419b0617a0cba32c8c3761719e323b7dc862abe059e7b8713899f141633803300455aa0820b84756bafcc154aaaab148f17b5a438a9ba
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfliY:hfAIuZAIuYSMjoqtMHfhflixit

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3456) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000500000000b309-2.dat	UPX
behavioral1/files/0x0003000000010440-6.dat	UPX
behavioral1/memory/2364-86-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000500000000b309-2.dat	upx
behavioral1/files/0x0003000000010440-6.dat	upx
behavioral1/memory/2364-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nn\LC_MESSAGES\vlc.mo.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_bridge_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7Handle.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\locale\jfluid-server_zh_CN.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jre7\README.txt.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Windows Defender\MpAsDesc.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\js\calendar.js.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Entity.Resources.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santiago.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPDMC.exe.mui.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_stl_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libvod_rtsp_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yerevan.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe

C:\Users\Admin\AppData\Local\Temp\dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe
"C:\Users\Admin\AppData\Local\Temp\dcd8ebed00b54d09fdce4a2d6c2a9f5d3bde6a3f1fa98e229cc519f1932ce110.exe"
1⤵
- Drops file in Program Files directory
PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

Filesize
118KB

MD5
2a4b572f875e07fdd7c273d9ea81a8d9

SHA1
075f9a702e884bdf029e5da30350933fc662e712

SHA256
687cab8cc2bfcaaf78eea1c4657382dcd7c13d05be08232bdfd4c2ac4a90675c

SHA512
a824fe9c190cd2bba2859eb574330784f912f3a3973736542c77f5d6d8b623816177b954e6af23da13101b015998f09c4dc413eb408c3e6dd20ef8526b5391df

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
127KB

MD5
f2bdb3957d54a3a1ba7c5cd87a4c6ef3

SHA1
1802364d9d32204456e5414af1cde959628dac36

SHA256
9b75e3d7b91d6cc7697a74353e6fa3a7cbb511a109fb46264570685330e8418e

SHA512
025927c15fa8ca44c33432b7f96002417dfd548bd65d7bc0ea5448ed255510a68e2eda96f396308f6b5245f4c5fdebabf76220089e915994f3a860b38d4b8222

Download Submit
memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2364-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download