19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
Size

51KB
MD5

4c7fa30f96af5161686b8065d7dc8028
SHA1

b821118e3c106aef2d48d0044d1dcc491ada8475
SHA256

19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf
SHA512

e57c9a6d484cdd1fc159bf585d50939a0d70e3994ea4a2c6a6acd2ef1965a24a900fac5162cf091fe6c5b33bc2d7b016124aa1c5c6cf7f8391af6fe088765e64
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzS:CTWn1++PJHJXA/OsIZfzc3/Q8zxUkI

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3524) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral1/files/0x000b000000015d0f-2.dat	UPX
behavioral1/files/0x001c000000010439-6.dat	UPX
behavioral1/memory/2076-74-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2076-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000015d0f-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2076-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.jpg.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-fallback_zh_CN.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdiracsys_plugin.dll.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_ja_4.4.0.v20140623020002.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Management.Instrumentation.Resources.dll.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Web.Entity.Resources.dll.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\flyout.html.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\it-IT\sbdrop.dll.mui.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Microsoft Games\FreeCell\es-ES\FreeCell.exe.mui.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Palmer.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.util.gui_1.7.0.v200903091627.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.flightrecorder_5.5.0.165303\feature.xml.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\day-of-week-16.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Media Player\en-US\setup_wm.exe.mui.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-tools.xml.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Journal\de-DE\JNTFiltr.dll.mui.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-execution.xml_hidden.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jre7\lib\security\blacklist.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcc_plugin.dll.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\rss_headline_glow_floating.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\cronometer_dot.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\10.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_ja.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\slideShow.html.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\picturePuzzle.js.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Copenhagen.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.tmp	19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe

C:\Users\Admin\AppData\Local\Temp\19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe
"C:\Users\Admin\AppData\Local\Temp\19d872cafec60d3c3cf512b6879dd4c351d06a4c04b7f535c31ad911fceb0faf.exe"
1⤵
- Drops file in Program Files directory
PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
51KB

MD5
d4074f8536b8302c20b15793ea33c357

SHA1
faaa59bea849afbd324a88be33174237d211df3c

SHA256
29f0b90d1aa928b39d20cc0b73682e41661c10c8d6c5a8727a459dd31c7adeab

SHA512
1d73fa4a9cae81210292f9308114fd45c7de9d0e4204f61f7966a205b631ed4dcb17571bade5ae3d3293402d9a5d0c98083c5a2d03b07a527e5a790b9e88ce4b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
c1834d92a5809a3e90d9dd5afa72db86

SHA1
e296c6698cde086f0d3226a1239988e502d3b5c1

SHA256
7c7151fc20f347724bb06a4240f92064b4c9778ec8774d50640d0f45eda9f0be

SHA512
9030fe859eb95e78cc635ad943c6c67f1d7e619412e0b2fa1d5954093dbe29c2936fb1c89facf22d7503d32ffbdf8cea1dd46836add60194c3ac36d959effc01

Download Submit
memory/2076-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2076-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download