489173ecd72c1b744e6398e4d25f601b37d01ca0275a2d024c923b9ce533d026

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 00:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2364889e0e5e989a6660c194a8286840.exe
Size

52KB
MD5

2364889e0e5e989a6660c194a8286840
SHA1

087555d973bc16e0ccb1bd296e5bf24992d44025
SHA256

489173ecd72c1b744e6398e4d25f601b37d01ca0275a2d024c923b9ce533d026
SHA512

907d30178c2e2b42deba7c895bd5c3110df5766bb5b0f2e16a596bc98b1c9f747869be7b01dc5f276415fec5013c1fc311a85546ae3e7759c2a1a4f1751160f5
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WZCqCBUpCUpU:V7Zf/FAxTWoJJ2WjWZCqCBUpCUpU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3444) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2724-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x00080000000120fd-2.dat	upx
behavioral1/files/0x0002000000010663-6.dat	upx
behavioral1/memory/2724-384-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-services.xml.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_ja.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Windows Journal\it-IT\MSPVWCTL.DLL.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtobe.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Cocos.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libantiflicker_plugin.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpcore_4.2.5.v201311072007.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\jfr.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\ext\dnsns.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\London.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Video-48.png.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mk\LC_MESSAGES\vlc.mo.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Cape_Verde.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\status.xml.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.server_8.1.14.v20131031.jar.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp	2364889e0e5e989a6660c194a8286840.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Net.Resources.dll.tmp	2364889e0e5e989a6660c194a8286840.exe

C:\Users\Admin\AppData\Local\Temp\2364889e0e5e989a6660c194a8286840.exe
"C:\Users\Admin\AppData\Local\Temp\2364889e0e5e989a6660c194a8286840.exe"
1⤵
- Drops file in Program Files directory
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
52KB

MD5
4cac539441b0fa865c4ffee1219144cc

SHA1
52dc09113986cd7fffc969810b31973fc8efbb90

SHA256
67b2bfd51e41288aac649e8943c67f3991bc36a8e6428d81b56d208782a42f0d

SHA512
c087669adb1c6799ea457faf7fe409875924518400ce365718d306347776039297938688a0c7d409d8c0b5ea0a932423528e0e96f67c657d3b44e752faad721c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
281da683a72b149bf95636dbbe6476d4

SHA1
e860743fdeebbc0537b975728397d8b50941d328

SHA256
deccc9a037c4b95253456994d20f12e2af1328577d8b5a71c4b3596edf300a42

SHA512
79d43c1d8d2c53c30e27d0b7d7daa5b345df02e6fb0cddee21ad63cf1832e16024d2674215053dc20cb4be2827724fc68eb2e5267220e6ba5bd69cef5a3568ba

Download Submit
memory/2724-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2724-384-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads