009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
20/06/2024, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
Size

118KB
MD5

f20fa9bc53fd53311d7529829989d98d
SHA1

d86ecaed0c5516479589ba82338ad27685a41456
SHA256

009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73
SHA512

2e8838630c4b578042cc55ec0934948b734e0f30328ead4571223789b7b46e4bfaa977204534b3cbc5c2bcc1651726d067974858a7a595ef3fc4a188e35b0aa3
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxSLKr0ARZF6NFVogjQlRv/NPxz:fnyiQSo5LzwUhQ7Xhxz

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3433) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral1/memory/2484-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral1/files/0x000500000000b309-2.dat	UPX
behavioral1/files/0x0003000000010440-6.dat	UPX
behavioral1/memory/2484-608-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2484-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000500000000b309-2.dat	upx
behavioral1/files/0x0003000000010440-6.dat	upx
behavioral1/memory/2484-608-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sampler.xml.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.IdentityModel.Resources.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\boot.jar.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\it-IT\Minesweeper.exe.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\README.txt.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\management-agent.jar.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Windows NT\Accessories\ja-JP\wordpad.exe.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7TSFrame.png.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Gaza.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\locale\an\LC_MESSAGES\vlc.mo.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterRegular.ttf.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_mmx_plugin.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.oracle.jmc.executable.win32.win32.x86_64_5.5.0.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPSideShowGadget.exe.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Mozilla Firefox\platform.ini.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\locale\oc\LC_MESSAGES\vlc.mo.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\VideoLAN Website.url.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libclone_plugin.dll.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\Windows Mail\de-DE\WinMail.exe.mui.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe

C:\Users\Admin\AppData\Local\Temp\009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe
"C:\Users\Admin\AppData\Local\Temp\009554f1d6d3bb3451b33a4a0528f2462188b02055bc3bc6f96649e3a69ddd73.exe"
1⤵
- Drops file in Program Files directory
PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

Filesize
118KB

MD5
c8afc4fdee522f05cf8b7559e10d0772

SHA1
cf6c92355554d5d09c21ce22287655b266145417

SHA256
3899722220b2ae89fedcbd302f22eb9801f32ba7036ee1d58cfc22fb04a7258a

SHA512
0b25d75f6016b1df46e172899b05692aebb84cc495e2d98233bc3eaf536d9551ddfb8fb85067d9b58a24b99bfdb4ce2184ff2228e3dafecaf33b82173d18cfc3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
127KB

MD5
28bb2025d32e62a0bee869a98e058449

SHA1
b015f1d7f8a16f1fa2d970513f5a45299c145a17

SHA256
cb0f0ebbd8c74dd506495f7934b226f395d8afcfc4620de49d63e0c4608aa695

SHA512
54117c7c26b260f2112ac10f415b82a510f114308787e30e2a707a9d3cb9a5bbee0ad370e2e3d3dffcb8f4e56011acd004f3e73ab45c2c6c77f696d5d68bcae9

Download Submit
memory/2484-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2484-608-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download