b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/07/2024, 02:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
Size

40KB
MD5

bbfb3e137fd0d84ce32c661d0186cbc6
SHA1

687cc0e66e5b16d57d031c3e596f21dff77c41da
SHA256

b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60
SHA512

4a46c51ccd80cf340c7a653e9bb49f7fa76713e66d4c0cb69fcc6976d779edcaccfe432ccc32227c5d85d5947ff2f7363a705a62ee8334c157ea94e2888318bb
SSDEEP

768:a7BlpyqaFAK65euBT37CPKKDm7EJJBZBZaOAOIBRBT37Y:a7ZyqaFAxTWbJJB7LDKTk

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2842) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2452-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000d0000000144e9-2.dat	upx
behavioral1/files/0x00020000000106dd-6.dat	upx
behavioral1/memory/2452-104-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.ja_5.5.0.165303.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.service.exsd.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\en-US\Minesweeper.exe.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_zh_CN.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rio_Branco.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kabul.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\ja-JP\ShvlRes.dll.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kaliningrad.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\bin\fontmanager.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.security_8.1.14.v20131031.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\bin\net.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Mozilla Firefox\ipcclientcerts.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\amd64\jvm.cfg.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\UIAutomationProvider.resources.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\bckgRes.dll.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Melbourne.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Goose_Bay.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp	b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe

C:\Users\Admin\AppData\Local\Temp\b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe
"C:\Users\Admin\AppData\Local\Temp\b4d14721631e803ab76dc0bf52b289bee830063fe8868712ee4f4ee8289f4c60.exe"
1⤵
- Drops file in Program Files directory
PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

Filesize
40KB

MD5
dffa1b491b7e516463248f679d8da040

SHA1
1d6144368526718249dcb4cc59b250077bd49709

SHA256
46733ccd8018048c339bdc70ebe64d39a277ebc74337f19900c9f682ef2fe835

SHA512
e19f55c41625973fc2ff475ac545c25bbe42bec0a9e9c6d9bb8417f29d3c0e21c9648a3d5aeacfd58fe471794d313ecafffbfae4ebb1e2698e7e94a473d9bb19

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
d11447432978139703700b59d94d8e59

SHA1
cd67ff5ff50777b7a795c6f5f47827402ee393d9

SHA256
ba70404eb8bb0b490f5352e3d36a27d30d42525f8c046486ce9f1384fb229076

SHA512
73a1c892b28fff48f961cd717cea3ada806aa8d54da730a02d92fae456984f04a1cdc43fb2f95b2302240b775f87f9361d11106958f3c880293c79f5d6b3d97d

Download Submit
memory/2452-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2452-104-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads