22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
Size

44KB
MD5

4e93fad0df6037754562898ef9cc4e23
SHA1

f116eba19bc3f5919c4eece887d62b1f2241fb76
SHA256

22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455
SHA512

5236a4ec71bde2ff9eb5d8b85fc798bcc0cf283b20722abd69ccac41ed87171f9e34b08dc4c03d79a77b4f8092c0e381c4d343a64109803933e2e62a7ebef806
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI5E:V7Zf/FAxTWoJJ7TQ

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3791) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a000000012280-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/2116-668-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_asf_plugin.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet_3.0.0.v201112011016.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.Selectors.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over_BIDI.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\warning.gif.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_right_hover.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\MSOINTL.REST.IDX_DLL.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+12.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Defender\MpRTP.dll.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeAUM_rootCert.cer.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\META-INF\ECLIPSE_.RSA.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Journal\Templates\Genko_1.jtp.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_thunderstorm.png.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_zh_CN.jar.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp	22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe

C:\Users\Admin\AppData\Local\Temp\22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe
"C:\Users\Admin\AppData\Local\Temp\22ca3fd7b3410e88ad635186796e17625969c7a089e7f975fc47a5756ab0d455.exe"
1⤵
- Drops file in Program Files directory
PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
44KB

MD5
d4eed2b5a0a8450d079b9b8f681d8be5

SHA1
eb3adbc486eb9634e01eae122d8d27d7abcb88c6

SHA256
38289bde9333a2ae91beef744547b02d1d91211fba05595d1ee49391508f415b

SHA512
5cd78c0240e23c6a3d5c42f0537211f7e40d0296d6261c8416ff8529c4587d4a3f6838368468f050d46653df1557350e1b059b31093420e55d0b10de14a11f39

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
53KB

MD5
5f8ed0a6ca71d9a43cd9d5ddc84a206b

SHA1
e1d0a397cdf59dd236013964cc5c190f72c029e1

SHA256
bff7388417ad944a0f82008fd80988a49fdea90111ee96c1d3142912a8a11440

SHA512
3e6255a03af01e2c114f44486636d20a6bf4813de5ba17a19b5fe9c2808ecf75866dc64f2b952239c052e4e98d48c665cc8c0af0d2fc610a71134929d00b506a

Download Submit
memory/2116-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2116-668-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads