f1661f93a714139114435fe5c65f1859664364131563514fa5fad78bc7aadbf9

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 23:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1ed92363febe096f40ee075e67642930N.exe
Size

51KB
MD5

1ed92363febe096f40ee075e67642930
SHA1

203911414012590c280c4a1a2ca62cc44df1d360
SHA256

f1661f93a714139114435fe5c65f1859664364131563514fa5fad78bc7aadbf9
SHA512

17df6ba44abd0fe19fb21836d553ca071508ad2ce680d29e676bced172a1e4f34fdc58dad52f5ed05f72f5e07bc62e061ab19b14d816b3e8647a35fdee95af4f
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw+qAJmqAJieluW4eluWV:V7Zf/FAxTWR01401V

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3307) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2624-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b00000001227c-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/2624-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\fr-FR\PurblePlace.exe.mui.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_ja.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-core.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Engine.resources.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluHandle.png.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-plaf_ja.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-spi-quicksearch.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Port_of_Spain.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Internet Explorer\en-US\iedvtool.dll.mui.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	1ed92363febe096f40ee075e67642930N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp	1ed92363febe096f40ee075e67642930N.exe

C:\Users\Admin\AppData\Local\Temp\1ed92363febe096f40ee075e67642930N.exe
"C:\Users\Admin\AppData\Local\Temp\1ed92363febe096f40ee075e67642930N.exe"
1⤵
- Drops file in Program Files directory
PID:2624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
52KB

MD5
29eac7a8125eb37e8183fb7a6b820f80

SHA1
551d723e42e16d08bc1427c820333447f0c9b760

SHA256
c8e37d39db3be7aedcac48d7a59c9230687a873ddac3305248c6cf221afcf551

SHA512
bf92561aaec0d8ec54c27bfbf17996c2a48a0cf31e6a35c831b98257f86efd26902ab98692e928793ad5421337b5e8e652839f701ecfb8a73984a8c4e15ffcee

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
61KB

MD5
1d8d0b7babb71bccf1c1923cd96d5905

SHA1
5721edc015be68f76c46299b8ff01718cfe4b183

SHA256
4987b60c968aecaf06582b1b5b3310b6df6c00be2c0527f177ca1d042bb30c14

SHA512
e4aca16aba86d976ed36074b0176e7d33c506cf2fd9e46257ff83e9d256732b04a6724212249279c5befd16b70732cd4b423bf2d6ee42cf71159860343daa18b

Download Submit
memory/2624-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2624-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads