Analysis
max time kernel: 150s
max time network: 123s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 14-06-2024 18:14

Behavioral task: behavioral1
Sample: 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe
Resource: win10v2004-20240508-en
General
Target: 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe
Size: 45KB
MD5: 900deeb55fb3e593a0eec010aaef3ded
SHA1: 61938b6177a507e31c8a07ae2ad2fa14c16e07da
SHA256: 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba
SHA512: 7051c3ec724823b462fd6b2757e44b869da80832e7fc6e2ed7f636f7b302f8be55312b43fe9b85a4bc42416f1c3f7a42cf87d3f35a74ce8612fedd27fd77026c
SSDEEP: 768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAF+A:CTWn1++PJHJXA/OsIZfzc3/Q8Oy3
Malware Config
Signatures
- Renames multiple (3743) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- UPX dump on OEP (original entry point), 4 IoCs
  Processes (resource / yara_rule):
  behavioral1/memory/3056-0-0x0000000000400000-0x000000000040A000-memory.dmp  UPX
  C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp  UPX
  C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp  UPX
  behavioral1/memory/3056-86-0x0000000000400000-0x000000000040A000-memory.dmp  UPX
- Drops file in Program Files directory, 64 IoCs (files created by 02ecdd29a76425e7734ddb95585641c50a6aa32acb995ede14ecc28ccff7eaba.exe)