351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
Size

107KB
MD5

d8baf85b4ca562fa0734b5050a0801c0
SHA1

34e8d6d3f8e6450411a1dc943df0b30f508123a9
SHA256

351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5
SHA512

c069fb03cfd3f75634c8459aa0e672b42e494543be7a416a25aab16e42be1d4ad6d13537fda5914561de04d65043d4fde3a12f40c6b2c74b4f9f8f3ad93b649b
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZuEd4HZKMSs9w7WsLhEC7pGmRUf:KQSo7Z54HZKMx4dhECVGmW

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2428-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000500000000b309-2.dat	upx
behavioral1/files/0x0003000000010440-6.dat	upx
behavioral1/memory/2428-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.filetransfer_5.0.0.v20140827-1444.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ta\LC_MESSAGES\vlc.mo.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Photo Viewer\es-ES\ImagingDevices.exe.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\PresentationCore.resources.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\dkjson.luac.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views_3.7.0.v20140408-0703.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-charts.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace2.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-output2.xml_hidden.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Sidebar\es-ES\Sidebar.exe.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\feature.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Defender\en-US\MpEvMsg.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IO.Log.Resources.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-core-kit.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Windows Media Player\es-ES\setup_wm.exe.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkTSFrame.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-lib-uihandler.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Phoenix.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-profiler.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe

C:\Users\Admin\AppData\Local\Temp\351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
"C:\Users\Admin\AppData\Local\Temp\351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe"
1⤵
- Drops file in Program Files directory
PID:2428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp

Filesize
107KB

MD5
d49891e86d1edd2356cb02fe3402d053

SHA1
c40f76847092816f17d6ca715b84c6f692fd0528

SHA256
252133f34c496dd9c420f1b8c6deeaa9462b1bc0fba219b554e83a8655f2ad03

SHA512
66d0683126e7698412f66a391f1bdc6b57c4a00a79db4cc739151086ec0feed94cd3cd464a2898915d8afc6bc58ec6adb36c2903b58907993e1870767b3324d2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
116KB

MD5
8fdabd32a6b0cb28f63c0671bee0d714

SHA1
676be4ba4da9ccc1fe9994933e0b747a36abcbae

SHA256
67b0d0a8c1c9719301fc7bf6286fe7a8c04734f784413632e829f9fe8969430a

SHA512
2f4be4a45f9cb0faaf089b45162b607aa82e8a6de3b373c710655fceff9a8663571192472dfdb6d57a826771479beffae27b5ed4a7e65cfe20ac6ed0f667d06e

Download Submit
memory/2428-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2428-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads