f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
11/07/2024, 08:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
Size

81KB
MD5

18f229e901e0977d4af9ab73e030b00e
SHA1

5ab32ac2f6609c278388481b8234beffc33433a2
SHA256

f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a
SHA512

2c82c7031ddcf389e8abf87ddccc29370beba7b981c0992a13886147bb5c707053a3f45038464d4f0a9e3bafb0f6fe9b58831273e5a80dcce82e00aaab99a6b7
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8jsfEiw:enaypQSoTEiw

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3497) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2728-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0008000000012117-2.dat	upx
behavioral1/files/0x0002000000010667-6.dat	upx
behavioral1/memory/2728-654-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\19.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeXMP.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baku.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\release.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\it-IT\bckgRes.dll.mui.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPTSFrame.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Kentucky\Monticello.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Sidebar\en-US\sbdrop.dll.mui.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy.jar.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Managua.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Resources.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\MeasureInvoke.inf.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Routing.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bahia_Banderas.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\32.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Resolute.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoAcq.dll.mui.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\cacerts.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Center.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\logging.properties.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingEngine.dll.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe

C:\Users\Admin\AppData\Local\Temp\f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe
"C:\Users\Admin\AppData\Local\Temp\f04346abdc969eb7a125e76798cf1c154191f0c299a580852d8179efaf6f0b6a.exe"
1⤵
- Drops file in Program Files directory
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2660163958-4080398480-1122754539-1000\desktop.ini.tmp

Filesize
81KB

MD5
f3d215e034c72b8247fec0c2933d7c7f

SHA1
375af4a6305c6df1bc7145dfbedc74f64e8ab844

SHA256
29afbebde225b809563504117265c72a69490a6808984a0262e797c738b92937

SHA512
a2dd61aa95393f1c61ebb62e12d3dd27b8d8396f222e32d408872dc0dc105e4263a722335d620f9682ddf431418ac8345dfc738a671c1cb780f3f7a073608298

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
90KB

MD5
ae8c312683ce82c59c001e8f260bce2f

SHA1
55968a0b0b1c47659cfe67dcfd6a8604896637ae

SHA256
95a6df16735d7f41514ef77389b1ee562719db76b2a210818611b3a3fc98f1cc

SHA512
e49f35b1b23d3bc3f52e49157844b1c84f9544db2cbd827d4c62512e2241ad12dcac6c97f3728edbdc4228a868e046002494b2ad3edcb72f6616b9cd0300daf8

Download Submit
memory/2728-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2728-654-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads