14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
Size

55KB
MD5

528c6f5d8ede1d1eb5acb13aa281dff6
SHA1

88f5e195f63abe727d885371fbf85960105afcfc
SHA256

14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f
SHA512

20b960670962314d4adf842a7887b6724387bba98689592dda99c846de13eefc31c92bc2ba970fa6271d54ec3fd0bd92d9ba68e251d33e7d7c123c1d723284a4
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw/x/fxRfxCZj1hcaEWcxINgjn+4O:V7Zf/FAxTWOx/fxRfxCZj1hcaEWAIy+x

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3773) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2416-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000e00000001228a-2.dat	upx
behavioral1/files/0x00020000000106a2-6.dat	upx
behavioral1/memory/2416-666-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWSS.DLL.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Journal\de-DE\jnwdui.dll.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javafx.properties.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Media Player\ja-JP\wmpnetwk.exe.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Manaus.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ru\LC_MESSAGES\vlc.mo.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\gadget.xml.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\5.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach_5.5.0.165303.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticattribute.exsd.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_ja_4.4.0.v20140623020002.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\icon.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WinFXList.xml.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Journal\Templates\Seyes.jtp.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_disabled.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvc1_plugin.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_right_hover.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Windows NT\TableTextService\fr-FR\TableTextService.dll.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\AcroForm\adobepdf.xdc.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\core_zh_CN.jar.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libcrystalhd_plugin.dll.tmp	14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe

C:\Users\Admin\AppData\Local\Temp\14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe
"C:\Users\Admin\AppData\Local\Temp\14490dd6e9ed2443da41fe50089935928c37abc7b9a7f78e0536bcb51230cb8f.exe"
1⤵
- Drops file in Program Files directory
PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp

Filesize
56KB

MD5
2e626226e954fe251ff7162710f072a8

SHA1
5debb6ab94c2cc760774a983b117c830e2633939

SHA256
939cb2d126d63cfebf9e7571da512b11a707361e26e55e412432713aac0fad26

SHA512
34cb903975433f5ad1c76bccc996dbfb9d0fc8f899eab42b051d22060e1b7c17c4c0c14d82d9ee004f13775539a245eed79b9317b51385499dc624ccfa9329a2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
65KB

MD5
335a9f723f2cc180cb20a122c14f0ca1

SHA1
ca893b03e50025d7a4e7568b2b52e278a941180c

SHA256
4aef022ebd85a9d20726f41576d9eb11e33374df42f8b5c35831ef519f70d38a

SHA512
8c5dcc48d53e567a66f1568e156dc1e46004762584b91ed7fe595b5920ef08c2cab73d80053cdf2874acd370d1aaeec63021cc3cc56c473a4ae20ea5449b9500

Download Submit
memory/2416-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2416-666-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads