ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 04:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
Size

97KB
MD5

3f9b37767afd5cafd9aa095472387fa4
SHA1

7ca3ff6a175a7eda1468e2a1fffe315d06fb7fc7
SHA256

ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb
SHA512

68ebd4f23a31a01043255d457066c28318e4e64b2aab94b7c305bd0aec78ea8d4d5933fab50edfa3d596c84032af260a22b91886c38b21b58b60808e879e1421
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsJOVYd7n97n+tG:fnyiQSohsUsKY5Z+tG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3467) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2728-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d000000012336-2.dat	upx
behavioral1/files/0x0002000000010679-6.dat	upx
behavioral1/memory/2728-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.Design.resources.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_dot.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Easter.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jre7\LICENSE.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.DataSetExtensions.Resources.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Mail\fr-FR\msoeres.dll.mui.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\7.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Fortaleza.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationClientsideProviders.resources.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up_BIDI.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Tijuana.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Microsoft Games\Purble Place\de-DE\PurblePlace.exe.mui.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_partly-cloudy.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\SetCompress.vssm.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\gadget.xml.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Karachi.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ant-javafx.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\service.js.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-right.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm_cmd.xml.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\library.js.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp	ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe

C:\Users\Admin\AppData\Local\Temp\ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe
"C:\Users\Admin\AppData\Local\Temp\ddfdea201fe17ea90bee5794596bda9e474186fe898d8da90b82d97da721bbcb.exe"
1⤵
- Drops file in Program Files directory
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2721934792-624042501-2768869379-1000\desktop.ini.tmp

Filesize
97KB

MD5
eabea8fef7bae830df4dbd193d6e1c65

SHA1
241a79f991c5f5229a415dff87bc4c90b6b3a9ea

SHA256
6aef44bf32b3c575e1db7b84e204c79fdd683716c5d9aa253394144fefb0413d

SHA512
bc8381d257bd0349de84a653bed6a8f20e22dda2daaf9c775d5fa5700bf8e88d3338a3adbb79f38ca994a31da4eaa808a63f12e27b8619f8ce798e13b56f34be

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
106KB

MD5
57acd12d2bd5885027cdff3c109b39fe

SHA1
052e67e94f9a72c078c6fcf45304bb17d0e8fa76

SHA256
1d1df61ebcf168cfd559ad9c803831b496ff00ee83e5cafefa9985b3bf4ec9cb

SHA512
6a355c4fcd92de9b1a8263960ca623e9cde80aa01733242b19bb6e841cf7f25ec2f0808de261abab3c6b5400742b9ffa17d68f0c09e7ce4a5927069a53542237

Download Submit
memory/2728-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2728-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads