a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 01:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
Size

69KB
MD5

e9103528fa45838f90973c40dc9ab739
SHA1

9a31fc28ddf3acb98d35e3e03ef4963faf931d4c
SHA256

a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69
SHA512

6bf32ef0ed6f7f732d7232fc241ff10c0ac0668bb293624746fcb108417decfbba5aeb66de8e3c2c8debbc461532e3b422f4d0cf25b479794d38ff54d478c4f8
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8NCuXYRYc:fnyiQSoDuXuf

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3440) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000f000000012324-2.dat	UPX
behavioral1/files/0x000b000000010623-6.dat	UPX
behavioral1/memory/1700-644-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1700-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000f000000012324-2.dat	upx
behavioral1/files/0x000b000000010623-6.dat	upx
behavioral1/memory/1700-644-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_zh_4.4.0.v20140623020002.jar.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Photo Viewer\fr-FR\PhotoViewer.dll.mui.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\15.png.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_ja.jar.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_drop_shadow.png.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\settings.css.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\picturePuzzle.css.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-lib-uihandler.xml_hidden.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Brussels.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Engine.resources.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\vlc.mo.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\gadget.xml.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Mozilla Firefox\mozavcodec.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.identity_3.4.0.v20140827-1444.jar.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\weather.html.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Client.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\locale\si\LC_MESSAGES\vlc.mo.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\de-DE\js\clock.js.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Athens.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\gadget.xml.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\es-ES\SpiderSolitaire.exe.mui.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Client.resources.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\servertool.exe.tmp	a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe

C:\Users\Admin\AppData\Local\Temp\a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe
"C:\Users\Admin\AppData\Local\Temp\a9f8c16797903e84eb9ba42300ea2b8a305530aaeb96acd3c7091a4829521c69.exe"
1⤵
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini.tmp

Filesize
70KB

MD5
05d1689a41be09182228664980c6051c

SHA1
98d1bb8db2dc12dc52ebd43500786b7ceb7a90fa

SHA256
ef37f507c92dc343845852a7290ad7913fa34b57c58abb28c2e84b00e147f94c

SHA512
e9a020b8a18326ca8fabddfef8220c2aa6ffaf1ba88ea05937b1659d2440b179781afab9899f8cad65069b774f0e8e9b3f186d11a14193583e6bc249b6e4fe52

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
78KB

MD5
8ba0b6934a0ce47eb3650d7bc08c3bee

SHA1
36c4d69165072ca9621440589b08f249ae2671cc

SHA256
8775e996987b0bb6cce58d7870db37de8634faa420efee7d832804d849d5eea4

SHA512
d4bd886710301941de0e624cf85c1f5d4d81736ec39d4c1a4194f8a825884a40172b3d73481bed8e49f347b53adf46b6d4e7d470d1de9a1f96b3524d028573ea

Download Submit
memory/1700-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1700-644-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download