ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-07-2024 01:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
Size

53KB
MD5

b961e0c783efd16ac4da962666b01aef
SHA1

88b982c74f8137b8580c346840f03aff5790033b
SHA256

ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a
SHA512

eb0a4a4d0e1885f54a4e90b82582fe36179ac18e9a7fbc90e779de74ae0ccca705b5623417674cdddb69580558196228ee7eb1288f973c97bfb3c96897a9937b
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WZCqCrGoGO:V7Zf/FAxTWoJJ2WjWZCqC5

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b000000015ca5-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2068-438-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Mozilla Firefox\libGLESv2.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fiji.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-3.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Windows Media Player\ja-JP\WMPMediaSharing.dll.mui.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hovd.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Windows Journal\en-US\NBMapTIP.dll.mui.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.win32.nl_zh_4.4.0.v20140623020002.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Entity.Resources.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+1.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.resources.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\bin\dt_socket.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4ADT.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.tmp	ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe

C:\Users\Admin\AppData\Local\Temp\ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe
"C:\Users\Admin\AppData\Local\Temp\ab56da56173c571ab64581cb97a03bc37e53ec8b3da723a38139fefe5329361a.exe"
1⤵
- Drops file in Program Files directory
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
53KB

MD5
520f967501edc4ec4598c3cc5a1f12bb

SHA1
602fae8a43d2d915ffbc01cb92b72e5c6c58486a

SHA256
42b9f9c29bd15f1b98df83d4f4c34d84c719aa4e7a59f174ba0f5eceb4571203

SHA512
57e91ac6b9ee108d96ba8f32817349204ecc7e55c0ddad7bd271cd8c7cbf18b37e476af38cd95fdfd95fbcb90674be041969b2bc073da4f0375b2af23f598727

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
62KB

MD5
6420b0b24ea9db13dd078abac9058ef4

SHA1
fea72887bc92887cf6ebc491875af4f0ce9829d2

SHA256
635a37268bcaa600218532ee316fdeb32c6093aa2664a73b626ce9ddfafc2b0d

SHA512
312b76c0d572601c33125e42e57dedece7c3218fb9a0bef8e598a199bec6933272fe7f70b74e9a8762b8c89c9892d9725340654867653bb8bd2f08db509e578d

Download Submit
memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2068-438-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads