68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370

Analysis

max time kernel
98s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
30/06/2024, 22:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
Size

56KB
MD5

f5c4d44cd5d683a04d2204a3c0079fe0
SHA1

2b9cca8531f3f97410d05d7c6c01d21c581da58f
SHA256

68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370
SHA512

3054383d7c958aec42a0abbd587fd4e2f32a73da6232378842a779e8ccc74e68e65c698de2b72399f69b6a5fb1dc14e31f019ebdad6f771bbf8c8a8aaca6c7f8
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzm:CTWn1++PJHJXA/OsIZfzc3/Q8zxbqh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1709) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2984-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000d00000001227e-2.dat	upx
behavioral1/files/0x00020000000104aa-6.dat	upx
behavioral1/memory/2984-62-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\La_Paz.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro_5.5.0.165303.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator.nl_zh_4.4.0.v20140623020002.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPHandle.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_ja.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms_3.6.100.v20140422-1825.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property_1.4.200.v20140214-0004.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.docs.ja_5.5.0.165303.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-util.xml.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe

C:\Users\Admin\AppData\Local\Temp\68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe
"C:\Users\Admin\AppData\Local\Temp\68cd3aebe342f4053fe0c8dbe0f17949afd9b8fb98b7e537da097488f322d370.exe"
1⤵
- Drops file in Program Files directory
PID:2984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

Filesize
56KB

MD5
93ec6fea26b25ede51d47a2aaf30e833

SHA1
85d9c8ede2d9c320ab782a2a0d4c76ef18d00c30

SHA256
7530489281cea7573efd22f82748925ac28a44b22f0aacf2a41845a20cfe1eab

SHA512
509321e896eca06c7d05471247e0fde5c8c0d10c901e73efc86fe71fb7ab6b4cd2392225b9e0a93998f18a161959bb088b9dcd5ba1bd969fc3f0b54533aa7946

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
40f3622d95ebf8b9c214a6e3d57325f9

SHA1
fd9871d7502a4ab38c3e2bcd46839c0ae4ad9101

SHA256
b328ade2db6de4aecb141712b75f933ce74d141e213819883b6ebf1737d166d7

SHA512
a6c6b2c200c3d9be0fb644e05dfdd0c47b8f95f8f783849c3c627b8b55634428aac377f06d0cc563ac89973dc0fd1409de72daf87518c2d6f8c8bb3b996f42c4

Download Submit
memory/2984-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2984-62-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads