d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
28/06/2024, 03:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
Size

59KB
MD5

8d1e3dd53fddd6a2e06a28fb175bc1e1
SHA1

56acd6f0e35d7d906d268792b3817c249fd8ffab
SHA256

d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7
SHA512

3586c487616b8a15080f6213c8350c94e219a8aae6ddd229033f0f5ce04705ccc645ccaa6cb22e8f3053dbc2d7f7057c64bc15f88cc24e98be6d62f84ecc725e
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzK:CTWn1++PJHJXA/OsIZfzc3/Q8zxA

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3758) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2280-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001230f-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2280-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\bin\splashscreen.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Martinique.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Dublin.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\telnet.luac.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Internet Explorer\F12.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sa.xml.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.bmp.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-hot.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\css\flyout.css.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.xml.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dts_plugin.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+8.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\xlsrvintl.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_up.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\greenStateIcon.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\settings.js.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Berlin.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\gadget.xml.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Resources.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows NT\Accessories\WordpadFilter.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)grayStateIcon.png.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cgg\LC_MESSAGES\vlc.mo.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ky\LC_MESSAGES\vlc.mo.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe

C:\Users\Admin\AppData\Local\Temp\d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe
"C:\Users\Admin\AppData\Local\Temp\d97eb36a0bf8bf96862b3615217c95f147b662aaa3e0624aa57b28b51719b4e7.exe"
1⤵
- Drops file in Program Files directory
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
59KB

MD5
147877f3a85463f78f447f8d6c4462a0

SHA1
abbb13ee14b98d0f288d668cd85a6cf9ec110dc7

SHA256
293eef730eea139d6d61783b919569cfaaf98bc5b21aa94dc89404eecb3d414e

SHA512
0a056881b2f018e939b27f05ef1cc50771418b612a6a30f03b4f291dd94192798b4fb3f7b72d4ee3202d8af73451fb1fcef5579f3dcbd413ad568a26478d9751

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
118b1099415e032141bfb60135f96bea

SHA1
02de944e24ee9d6d254f08ac88bb493eb74b898f

SHA256
d3e1a4e48b48a46919de40fe05cece9b8bcf3c52b3b29d45cf594b70279a7de3

SHA512
b88a8e27f7fa364e43c49c23033950d30e8081916b9aca376c3fca62bbad7bc7f45167c3abea65b944a21c1c2028bf92127f0e24e1380b7ca235eb1944ad6851

Download Submit
memory/2280-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2280-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads