9e21b081b53434ef8a105e785f59fd4693eee53a5e1cc6e17437a3f94df61b47

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
12/07/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

189658b1ca85a7dc8c61b9ca4be70010N.exe
Size

45KB
MD5

189658b1ca85a7dc8c61b9ca4be70010
SHA1

147a79c84fef5bc7278d1228578f7953ee38c3da
SHA256

9e21b081b53434ef8a105e785f59fd4693eee53a5e1cc6e17437a3f94df61b47
SHA512

a079cf5a726f124d1b2efc5b61fb1210711681a4bd4d65cc3845d9948890f504e9b8aecd0a5926e89b7bf4297c0482425d0d699041e7839914c41ea62b859c5e
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFI7:CTWn1++PJHJXA/OsIZfzc3/Q8IZ9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3305) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2160-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000c00000001227f-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/2160-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-options_ja.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\chkrzm.exe.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Mozilla Firefox\freebl3.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.Speech.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_ja.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_zh_CN.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\co\LC_MESSAGES\vlc.mo.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.concurrent_1.1.0.v20130327-1442.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-favorites_ja.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.RunTime.Serialization.Resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libzvbi_plugin.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre7\bin\java.exe.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.services_1.2.1.v20140808-1251.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-remote.jar.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.clusters.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe

C:\Users\Admin\AppData\Local\Temp\189658b1ca85a7dc8c61b9ca4be70010N.exe
"C:\Users\Admin\AppData\Local\Temp\189658b1ca85a7dc8c61b9ca4be70010N.exe"
1⤵
- Drops file in Program Files directory
PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
45KB

MD5
ef1480863bfd4747d4786fcd4c8521e6

SHA1
0adb58ae870292b9cdd5884cc91c4d4b97775a4f

SHA256
10bca3cdc7068150b613d94e972366aa727a3afae702c9458f96f82aa87e3c36

SHA512
804e956749c5836a12be3045cd9d244bcea7bcb87ce9a4bc19baff2f5238a3bdb7daa00d06aa3eabc020934b30571ac608a947d6b9498b4c0bd947441eb58835

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
54KB

MD5
b127097aaa5f2c13777ee38af8a5afd5

SHA1
261e4f0a4c8bd0d3787664c6e6ce2da32e1174cc

SHA256
5c4a9f655510f366b14581ffac2f6363778d0e9529e1aa83e489a32356be816a

SHA512
9aaf27d55ce63e680a681d424e2dbc1c8ae5efa9f65865b2b4364209316aa45ff3237fadf20fc1ae2f1e94ab25109c76f9316415c0a6a8bd66c5b480e54f4b8a

Download Submit
memory/2160-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2160-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads