3d8032921cc9f6d52c795ea9388ae2c69e9901b9094b7f6b9020b5fc6a2ea329

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01382561a42ff7fc65d101a3db022920N.exe
Size

74KB
MD5

01382561a42ff7fc65d101a3db022920
SHA1

0d964a835d2a27081e5e2e2657020f26f630de80
SHA256

3d8032921cc9f6d52c795ea9388ae2c69e9901b9094b7f6b9020b5fc6a2ea329
SHA512

bd256740b2085c9b94ea7d6a1c7c41dae4dce2069e83e78369bf1e1e8c8a6ca657daaf062b40cce0065b010d5547bc4d5dc9303e896ddc2743f762d606096be4
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q861T:fnyiQSoV1T

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3708) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000a00000001202b-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2700-658-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\hrtfs\dodeca_and_7channel_3DSL_HRTF.sofa.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libcache_read_plugin.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages.properties.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Journal\jnwdui.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mp4_plugin.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\orbd.exe.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\META-INF\MANIFEST.MF.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Bermuda.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_gloss-wave_35_f6a828_500x100.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblend_plugin.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)alertIcon.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kosrae.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\14.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Antigua.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands_3.6.100.v20140528-1422.jar.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-first-quarter.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Journal\es-ES\JNTFiltr.dll.mui.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Gradient.png.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\CourierStd-BoldOblique.otf.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libudp_plugin.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Media Player\en-US\wmplayer.exe.mui.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui.tmp	01382561a42ff7fc65d101a3db022920N.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\calendar.html.tmp	01382561a42ff7fc65d101a3db022920N.exe

C:\Users\Admin\AppData\Local\Temp\01382561a42ff7fc65d101a3db022920N.exe
"C:\Users\Admin\AppData\Local\Temp\01382561a42ff7fc65d101a3db022920N.exe"
1⤵
- Drops file in Program Files directory
PID:2700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
74KB

MD5
4ef2ae69d845ef9bbd011a71a2e6f7e3

SHA1
5d1ddfe1d420110c90fd6e7bf7c8a4da2a3ff52f

SHA256
4646f18319a088ff6d4f3e55d8c30437779487984143f1899753afef66de356a

SHA512
9ccfdd7dbdcebef9edfa3fa723ab5d094e21cce391c6191dbd05a0cc62c49f0cef78df78c5ed00738ba80cfd07e429edafc045fd333a57bf7961cf3917572f99

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
83KB

MD5
7776c21e6108eabe46e927b5ff330c55

SHA1
ee585a3446c44b4b7a3b7cfa1602118c472dd294

SHA256
8356402053d7c759af119700b71617abf0fe37bab7b6f6fde45578c0c1c40471

SHA512
2ab9b87c284353ebaa1d58d847cbcfba3ded14d46c324941465d31960b8b8b6be81a7675e58134fc8c0588b46ea882ddaee2bccfcd67aa12ee8ddec8f71f9bc7

Download Submit
memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2700-658-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads