1120d26c0db3a0d60352aa9ed55afe65ae5cfe20448c55758150997b6ea3ee03

Analysis

max time kernel
149s
max time network
125s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33a8da668103601848692927a5386720N.exe
Size

142KB
MD5

33a8da668103601848692927a5386720
SHA1

ea7e113d3020f6360c3b0b6bc60ac209bf89ea77
SHA256

1120d26c0db3a0d60352aa9ed55afe65ae5cfe20448c55758150997b6ea3ee03
SHA512

e18026c283d8941e27a7bc8bec7fa8dd8a12324af80514d84af76eae898fc4b180915f08043741c1846c64062cdbb4d9e9038a1a3cd018bd13a92915432ad64f
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCK:+nymCAIuZAIuYSMjoqtMHfhfM3A86

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2818) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000b000000012281-2.dat	upx
behavioral1/memory/1956-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000f00000001045a-6.dat	upx
behavioral1/memory/1956-162-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\time-span-16.png.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_pt_BR.properties.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable.nl_zh_4.4.0.v20140623020002.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tirane.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novokuznetsk.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleMarshal.dll.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Maldives.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Easter.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	33a8da668103601848692927a5386720N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	33a8da668103601848692927a5386720N.exe

C:\Users\Admin\AppData\Local\Temp\33a8da668103601848692927a5386720N.exe
"C:\Users\Admin\AppData\Local\Temp\33a8da668103601848692927a5386720N.exe"
1⤵
- Drops file in Program Files directory
PID:1956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
142KB

MD5
2badaa0d02bb6541ff45ac9475bb44ed

SHA1
244bc950f4cebae652e0778fe525bea3d1cbe98c

SHA256
620ad0dfd1ab24b6527d25ad8058a2f9d60c15e9608d3e20dcbdd6b7a7b9418c

SHA512
66173aec8ab05a37f9e740d40ed1f98f5fc92889671c997da7ab87b9b8da31d14c3aae48012dd7abaf18415abb2b969db471a816dbafc7b613ace38a7ce2130a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
151KB

MD5
2e972db7042c2b2c1b97b4ec0244534e

SHA1
62b29d71e4bc70780f87217c496bf9a5a5407fb3

SHA256
9d74305020c0ff5fd366cede2b1de95db0abf5bf66e80e2ab1befeb1b7bc02b6

SHA512
5fd98fdddc18aaaef05821bbe7bd139d5ccdad803699c06cbbe8f4df7b30d8b27783c2b3dc4d3e4e776e36dd702547dff0f04ec503dacbbb8117a883198fcb05

Download Submit
memory/1956-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1956-162-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads