4240111227a194424cdefba4f6e12cf11361b4d55096991ae72c5faa6e9a50d9

Analysis

max time kernel
149s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05-07-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

138dd790fe15096ab7f651ef4673b920.exe
Size

51KB
MD5

138dd790fe15096ab7f651ef4673b920
SHA1

254020d3660ec04068198318a3a3a6baff092abd
SHA256

4240111227a194424cdefba4f6e12cf11361b4d55096991ae72c5faa6e9a50d9
SHA512

f3b0290caa33d1dd63d1b470e2d24f066e631491f46373afcbebc6a6009b01ff16cc80ad08ea56b802cfc0399e98b0237cbdeade1fa027786b599012caa7b148
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzf:CTWn1++PJHJXA/OsIZfzc3/Q8zxp

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1177) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2452-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c000000014968-2.dat	upx
behavioral1/files/0x0002000000010463-6.dat	upx
behavioral1/memory/2452-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\St_Johns.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Halifax.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+6.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Darwin.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Hermosillo.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Araguaina.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	138dd790fe15096ab7f651ef4673b920.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	138dd790fe15096ab7f651ef4673b920.exe

C:\Users\Admin\AppData\Local\Temp\138dd790fe15096ab7f651ef4673b920.exe
"C:\Users\Admin\AppData\Local\Temp\138dd790fe15096ab7f651ef4673b920.exe"
1⤵
- Drops file in Program Files directory
PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
52KB

MD5
0cfa0916f60fc7fcba77dc296e29ecc3

SHA1
1db446e97a89458f88d9081056a8cb4b7e0f7836

SHA256
065e66f73309d6fe42008065473f26c8594074f1e099a8cfa021ae05af55e910

SHA512
2b8f3483cf16c026acd859cce2e84a29287673cc95bf26e9a1f5aa97e49b753e7f76222e72b4d2b5de94dc9ce192b43fff0105e8abf7ba5e4f56da84263a8e84

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
9ac8b4fb66e0a6ad66c3fc2b9cac707a

SHA1
1002a595f582098810a7c3414d9972011d216c76

SHA256
d0af1ed9f571dbe579b198e28cb2c185f5f9004177785aa9c0ca487943f17275

SHA512
31b471b6e0a9975b7065ad87df241ff6e7d69809bef931d3dc586f88fddf211e1df2000eb5df2c27706659fb91803504f8545db9dc7c33d50f2a19929a029fd4

Download Submit
memory/2452-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2452-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads