21a6be0f7034c00101cf2d2f985e7ea5dd9914d49f403719d0b1bebb1f1438c4

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 11:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d0b61022c8c379cf491350d42f595be0N.exe
Size

85KB
MD5

d0b61022c8c379cf491350d42f595be0
SHA1

dc2a285d259d5a21890a44468b917d0ee73dae1b
SHA256

21a6be0f7034c00101cf2d2f985e7ea5dd9914d49f403719d0b1bebb1f1438c4
SHA512

bc3cdbd2aa453dede4eb1f89b5b26f5a25ee90105c8089a9fcf9fa6afbc9b9a82b13ac3c193b6a913555cc6afa322a198ca907221c43ce16659d3724635505fe
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxSV:fnyiQSoH

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2845) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2348-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0018000000005c50-2.dat	upx
behavioral1/files/0x000f00000001045a-6.dat	upx
behavioral1/memory/2348-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.xml.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Godthab.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\FormatAdd.mpg.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.xml.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Selectors.Resources.dll.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\ir.idl.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management-agent.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\hprof-16.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationClientsideProviders.resources.dll.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dushanbe.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Uzhgorod.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Karachi.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_zh_CN.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Metlakatla.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_ja.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.actionProvider.exsd.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bogota.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jre7\bin\dt_shmem.dll.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	d0b61022c8c379cf491350d42f595be0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	d0b61022c8c379cf491350d42f595be0N.exe

C:\Users\Admin\AppData\Local\Temp\d0b61022c8c379cf491350d42f595be0N.exe
"C:\Users\Admin\AppData\Local\Temp\d0b61022c8c379cf491350d42f595be0N.exe"
1⤵
- Drops file in Program Files directory
PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
85KB

MD5
79cc14a1c25c96a3a468d9efdc0f0ed7

SHA1
cf075e8025ed80496a0c2df7f3344039d9ea53c0

SHA256
56a283c9ab5566be812687b14c468cad64436ead5f0c4ccf0e27209678d0a0a4

SHA512
9f1e5281df7ea363100f09226fff894fbe7906c97907d353d476c5a55c985d87d3bb513e1a89b8e76f3dfa223541784a85543a527a30b758eb1641158aede58f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
94KB

MD5
14d517c4249dd036660004693698996e

SHA1
2012e36c195c8525625c5d394a8e4e90b496ca69

SHA256
9e16059575740e8aa138e24d4e710b71ea8f7018f71ab5025cc8e5b89b29ae4f

SHA512
26b548cdf5cadf9220cb1252b3f949c3a30d7d6e7f5e6140df82f19b9784e80bcc9c0b1cbd0578b386bb8f70a100d835ea13f748d91123cb328befba2e9cc5d1

Download Submit
memory/2348-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2348-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads