0bd61d84e8ab699e17aa46a0a2aae058354b0e2c7c8a2e453cfcd91654f4d3f1

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1752e9a8e99a2d12fc1f0b2a74c39890N.exe
Size

94KB
MD5

1752e9a8e99a2d12fc1f0b2a74c39890
SHA1

9317ea59defeff7c572d359a689537f27b9b7915
SHA256

0bd61d84e8ab699e17aa46a0a2aae058354b0e2c7c8a2e453cfcd91654f4d3f1
SHA512

814493705242fd943c8fefe94998309678b4a537ebd380f23afd35ae4d11cb0e15de79d70acb9c3b663781bcbad943336504b6df685161ef9c385a91b9d8f661
SSDEEP

1536:V7Zf/FAxTWxOmO/fxRfxykK3ZUkK3ZKYim43WYUNz8t7BaM0uV8TNyK:fny+Tuf7fs6km4r7W

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2737) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2692-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012119-2.dat	upx
behavioral1/files/0x00020000000104da-6.dat	upx
behavioral1/memory/2692-384-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\Vancouver.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Mawson.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_zh_CN.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp_3.6.300.v20140407-1855.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tahiti.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Tucuman.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Dhaka.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Swift_Current.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_zh_CN.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\bin\installer.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\security\java.security.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-keyring-fallback.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.lnk.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\EST5.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_ja.jar.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Wallis.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\bookbig.gif.tmp	1752e9a8e99a2d12fc1f0b2a74c39890N.exe

C:\Users\Admin\AppData\Local\Temp\1752e9a8e99a2d12fc1f0b2a74c39890N.exe
"C:\Users\Admin\AppData\Local\Temp\1752e9a8e99a2d12fc1f0b2a74c39890N.exe"
1⤵
- Drops file in Program Files directory
PID:2692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
94KB

MD5
bbf6f473221a88a5a62cfea0aa8cdc44

SHA1
b103ff8db453873dc5329a2093612bef96e436d2

SHA256
320b96b8a7cb855080dc3eb0f3f7c3bed7bb12008078cc48cb34c8fcb42544fb

SHA512
cc9396bf29bac241bdabace0b630e7076a6a36c9ec6026f8ec5740da25e41f8fc5cea46a193bae56ff4e36485b16801b821a8fcb93cdc880552317e30256c549

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
103KB

MD5
602c040341951526288e9864bd600ccb

SHA1
7cc9f1df45a41fec8cfe80e63417462b0ba4cd67

SHA256
db875884e49ffaed917615dd77f7aa16b924b8d371fd9fbc32ae2dce394dbdc6

SHA512
23e15156cfc80a7cb28d8bc427a5b9b4e6006b526001c3af479ff7c356a83faad89d13ba5bf7ba54010901b77463b528a1c074ce40a99742b32ea1b2224d9026

Download Submit
memory/2692-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2692-384-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads