879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
Size

49KB
MD5

21bdeb00fa97428d671d8d05031ad2ef
SHA1

bc06ee67d547cd7f15765c00e0d96b3a9a2a842e
SHA256

879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde
SHA512

724b99b37fcef3445fd2403fae6eb4f8a0464bd7bf3f34904d8a5df27d071f7602e9cf7305d75356f3150fdf517e093466a71a3dc9529d834011ad0f8dc80ea7
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz3:CTWn1++PJHJXA/OsIZfzc3/Q8zx9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3767) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2912-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000b000000014457-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2912-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Amman.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_ef8c08_256x240.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActionExceptionHandlers.exsd.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_zh_CN.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\20.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.STD.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\library.js.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\dicjp.dll.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\gadget.xml.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montreal.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\es-ES\bckgRes.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous_partly-cloudy.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckg.dll.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.bidi_0.10.0.v20130327-1442.jar.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Media Player\en-US\WMPMediaSharing.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\de-DE\gadget.xml.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\18.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-lookup.xml.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\SY______.PFB.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe

C:\Users\Admin\AppData\Local\Temp\879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe
"C:\Users\Admin\AppData\Local\Temp\879c332e797b8d15bb911b5b42f285366235ad53d0640bcd23a34a7b5bf12cde.exe"
1⤵
- Drops file in Program Files directory
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
49KB

MD5
b4d983af687a925d53752a5771001728

SHA1
b01565cb1a1b844a8dd048b2e03307939e3cf742

SHA256
3972b8287261677710244f8f8f42c71a2615fe89058a716293e2597e2c66ee74

SHA512
e5ff1aedc209f448e2ee1219994a87082f01a5ae84254b4b7a647ce5cb5f2c07f8a2917294ed903b3d12504f3719e3816be5155c5c71b423dc575ff6434b53bf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
f421e52630341437b98f781d511f89ac

SHA1
e5b8222aa639c9b59413fa0a11d7e6bf94e35ebd

SHA256
00156f659daff0129837b5514527a8348debd2d21f1e1de73b85125805077a37

SHA512
515102888ee0e1a05a3d3d40d05dbc34083c73a556dd17305685b2aabff46767a9915536ad7bd4382531aa612746121b6dfd6b3fa42382101211b306af5ee2dc

Download Submit
memory/2912-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2912-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads