36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
Size

21KB
MD5

fa4af53ef11197dd84f7ad3356126cf6
SHA1

dbc9b67ebf18dec19e7f7d7013c4bd99c20ae3e8
SHA256

36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0
SHA512

550aa426e6f3efd6459dae4999f4fc379c615c284043fcdca9b51de7c123677313e23c8a3821b437b5e6d1e50bac506d50e709e92c38052b8f8e4d5f22a102b0
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJPbUEobUEnr8BpUjcVer8BpUjcVSoZnOriJfoZnOriJ9:kBT37CPKKdJJTU3UQreUYEreUYYoZnOD

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3745) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000700000001211a-2.dat	upx
behavioral1/files/0x00020000000104da-6.dat	upx
behavioral1/memory/2104-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_divider.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)redStateIcon.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\month.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DBGHELP.DLL.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmono_plugin.dll.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Media Player\WMPNSSUI.dll.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\notConnectedStateIcon.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd.otf.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\setup.ini.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Photo Viewer\de-DE\PhotoViewer.dll.mui.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\vlc.mo.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Juneau.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans_1.2.200.v20140214-0004.jar.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\gadget.xml.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\localizedStrings.js.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\win\CP1250.TXT.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jre7\lib\cmm\CIEXYZ.pf.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tehran.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile.html.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hy\LC_MESSAGES\vlc.mo.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\sentinel.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waxing-crescent.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\triangle.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Volgograd.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.change_2.10.0.v20140901-1043.jar.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\Windows Media Player\wmpconfig.exe.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe

C:\Users\Admin\AppData\Local\Temp\36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe
"C:\Users\Admin\AppData\Local\Temp\36cdf08677441e55454183e46009f8454cde5544c27102aa51e9ebcef929d7e0.exe"
1⤵
- Drops file in Program Files directory
PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
21KB

MD5
44401a63afdf60197c436de3cb58693a

SHA1
5ecbc5ead71b039187ea736546475d82a61e2702

SHA256
748e145d3ed28abb7878ec87fcc8068afbfb2e6505e4330530b2aca19105cdad

SHA512
4fb295491b45891a64cf13ea639cfe63816faf9dcb73ad918151f879ebcabc773262c95beaec2e0bb9bc5cdb34f8164f1bf0364327c17b673e9131beb3ad840e

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
30KB

MD5
a12cfdc6b5ec0cf8e22f9a00431ac459

SHA1
0a43f8ff2bf2ba1367c4819eed6668cdd8d7d160

SHA256
4899a87b0d994b577988fa7d8517ca446ecf068e76c723c57525b4cc514d7e5e

SHA512
7f1bc0f2acc78b0dd67a1450c3ecce1b47ebd897908d6a60b1ceb58e36484199426c1a66e7824fb4198bc0c82f2b65188e89a988e6854fc0b851f661fa3beadb

Download Submit
memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2104-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads