37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 20:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
Size

42KB
MD5

2a8609b26b2b0693030312c10394988d
SHA1

e783ccaa24e918fddffaffef2a1d4d2aadc5e46d
SHA256

37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4
SHA512

a030361258fa7fce96874f74eefcc9a2591eabf2c974c13c4baf10f52939a21e1f7c4727f1b62c8fe72d9a337301cdd69f78d4aa8c0a24f3b7a106439fc3444e
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WGoj9COieQJfoj9COieQJe:V7Zf/FAxTWoJJ2WjWpf1f9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3779) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2368-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000014b31-2.dat	upx
behavioral1/files/0x001c000000010439-6.dat	upx
behavioral1/memory/2368-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvmstat.xml.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\js\localizedStrings.js.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.configuration_5.5.0.165303.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\PresentationBuildTasks.resources.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\clock.js.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-execution.xml.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-uihandler.xml_hidden.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\square_s.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\service.js.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_same_reviewers.gif.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libhqdn3d_plugin.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\art\01_googleimage.luac.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_dot.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgzm.exe.mui.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jre7\bin\javaws.exe.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ckb\LC_MESSAGES\vlc.mo.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\css\currency.css.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\info.png.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jre7\lib\psfont.properties.ja.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\calendar.html.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXE8SharedExpat.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\main.css.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1028\hxdsui.dll.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\MSCDM.DLL.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Copenhagen.tmp	37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe

C:\Users\Admin\AppData\Local\Temp\37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe
"C:\Users\Admin\AppData\Local\Temp\37d985033cb0b1a6a8299e83338cf61a9c3235d871d960dd7e2a0699d11734b4.exe"
1⤵
- Drops file in Program Files directory
PID:2368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp

Filesize
42KB

MD5
2ce2ed4fbc7936e744efab36f6c0ccaa

SHA1
d669cc8ae3b3fcab49fb05389a2380091e505867

SHA256
d093075c305d231901bcf4ce9db325e29bf0f6e1ef71c24a74b114906196bda0

SHA512
b0dd26fb65d1fb71334d4c0d0683c967b27168928224ec3af2651063e4d43ed6858df17e22775e4b0ee5071e4b7e2dcfc0c2a654641712805467ffc0d73166e6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
51KB

MD5
55c4d8161657859651bdc3668958d0d6

SHA1
32101d0fa29dc6ebbeaa39075f9615ca5843acd5

SHA256
49c16c3b314efefb970be434734fe3e025b5f9aa04ac70a05d3d471100434263

SHA512
1d99e6418a5ed9dae95243e45a0165144f122aadf0d0da9fdce57d05e7c43aec71c9110ab7d9b6baf7a9034d212e6d3b4eb756fdb60ddd226c06d21d58baaa7b

Download Submit
memory/2368-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2368-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads