62b99a534b5d2534b71d302ca8ff74121346b9ccc0bb060a1cf8f3f52332824b

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10e330a219d8bcd72de91f2c204652d0N.exe
Size

32KB
MD5

10e330a219d8bcd72de91f2c204652d0
SHA1

fc413935fbc2b0f915fbbc76efecbc61c4b29ef0
SHA256

62b99a534b5d2534b71d302ca8ff74121346b9ccc0bb060a1cf8f3f52332824b
SHA512

642815119da1fa521d61c9fe629c8d54e09e84849d6113cad296e31b6a5abdc1bf9d858855bebcb9a1d17a146f4c5c13b7f535ee2b7d5bb30c325c169c5533ae
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMc827SKNx27SKNvzcF/MF/h26:CTW7JJ7TG2p26

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3993) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2152-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012117-2.dat	upx
behavioral1/files/0x0002000000010557-6.dat	upx
behavioral1/memory/2152-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\JPEGIM32.FLT.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Asuncion.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\bin\jaas_nt.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Maputo.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-queries.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Defender\MsMpRes.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Thule.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\js\calendar.js.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.png.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfr.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\EEINTL.DLL.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\ConnectionManager.xml.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\navBack.png.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\UnpublishSwitch.docm.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\WET.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_shared.gif.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_es_plugin.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\CST6CDT.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Windows.Presentation.resources.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Media Player\it-IT\mpvis.dll.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-modules_zh_CN.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libd3d11va_plugin.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rankin_Inlet.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\ImagingDevices.exe.mui.tmp	10e330a219d8bcd72de91f2c204652d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	10e330a219d8bcd72de91f2c204652d0N.exe

C:\Users\Admin\AppData\Local\Temp\10e330a219d8bcd72de91f2c204652d0N.exe
"C:\Users\Admin\AppData\Local\Temp\10e330a219d8bcd72de91f2c204652d0N.exe"
1⤵
- Drops file in Program Files directory
PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

Filesize
33KB

MD5
0eaaec3c1df6fbb2b1afd8a452a75e56

SHA1
b3da126099e6bdeccd2d7169db5f26e31db29875

SHA256
c6a4c51ccaa08ae47eaf52af6440ff400c22b6f09124210ac70b00f9783ab79d

SHA512
b436416b61c3b3169e7feb6acbd101c1c933e49d9bfe88f80e8cd3ed9963633dc720eb626e6904adc414f42dcfe3869b0b3d025b748cc652718ba8eeaff338d3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
42KB

MD5
a3df67e6cb111cf966bc37d3b350131c

SHA1
17caaef38f05cf4c49dfb809d4b64ac13f5f8f21

SHA256
7535637b51f587e0aeea9162e46febc44edb11b3ec2743122aed7c34c60751fd

SHA512
5a1e0b82bc18b87bc7139efc18a9d79d26d1451e9c3fcecc879144b42aa6070676d4a35e3cc4865fea5ed29df4ce75052b89acf58304829a75d1965a47e3cd51

Download Submit
memory/2152-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2152-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads