5e784e243a70f6b490c901366fa5ea5d4d53e8ef842cb2f3b8fdc237ea2d8f1e

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2151f0582f10e784d21cf906a9a82980N.exe
Size

68KB
MD5

2151f0582f10e784d21cf906a9a82980
SHA1

736d787d9b33335087a9f5afc228c821a9da248c
SHA256

5e784e243a70f6b490c901366fa5ea5d4d53e8ef842cb2f3b8fdc237ea2d8f1e
SHA512

4562be79611bec65291fa0b3a817c5fe8fae8b16a5568694fa5a617f3a4a5e22babd9e32cf0777bd19c1bb79290218f1011c538def27b067a36381f6579b689d
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8Q8/8fC/:enaypQSosk0

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3115) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/388-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001225f-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/388-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\vlc.mo.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_zh_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\sound.properties.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\is\LC_MESSAGES\vlc.mo.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.command_0.10.0.v201209301215.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Godthab.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-nodes.xml.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-windows.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-heapwalker_ja.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\splash.gif.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_ja.jar.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	2151f0582f10e784d21cf906a9a82980N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	2151f0582f10e784d21cf906a9a82980N.exe

C:\Users\Admin\AppData\Local\Temp\2151f0582f10e784d21cf906a9a82980N.exe
"C:\Users\Admin\AppData\Local\Temp\2151f0582f10e784d21cf906a9a82980N.exe"
1⤵
- Drops file in Program Files directory
PID:388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
68KB

MD5
40e4c5324f5cbb065b08519f533f529b

SHA1
132eadd53cb6557d888141f1e0f8a5f602db0222

SHA256
66aa32e30b22ab268c54a52aa69232d52a6f557b03243b2843fdda278710e6f8

SHA512
1ae4793de2a25f7197fc871c1ac2ad5ae35825357d3b971a2da774ebeb0c822a6f4cdeab6cd53d682e7a84b7ae383916a1c2b9cd7505cfb14f81882e098701be

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
19bfb791ee6142a8c8ec0bce1e717a2a

SHA1
344cc337cafcf4e04865757f19bdd7a96d5250e2

SHA256
bf4c81277905ce9ae22f7cf3845cc1f0f26e01955a8e3e89b5051e978d71754b

SHA512
01446d82d7db6b8ae9198fe602752e136e0fb5eb071abce7955f0ce874a3c02ab9c5b1d80cc5d94be559a54a6f9f08939e27cfbecfc29619c04f2be2d98ff8d2

Download Submit
memory/388-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/388-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads