76bc143402446bee373fe246e4401b01090f44e4c806a651e5444481dabd8d5c

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 03:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4620341f689dcb62ff920fb1f4113c00N.exe
Size

28KB
MD5

4620341f689dcb62ff920fb1f4113c00
SHA1

c4e236779b764457d485aeec3da3703426dc7241
SHA256

76bc143402446bee373fe246e4401b01090f44e4c806a651e5444481dabd8d5c
SHA512

5b223d64092e8cc3b8b2f559219a7ef0ed05f2efc20c236cbfa46b46e7a4f7d4cda3637f534d9646ff54aa59750b9585a539bd96e105e6af072ce77bcd1e842c
SSDEEP

768:kBT37CPKKHzEXBwGo7FOtiJw1OtiJfo7FOtiJw1OtiJgpr:CTWzIWI8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3236) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000700000001211a-2.dat	upx
behavioral1/files/0x00020000000104da-6.dat	upx
behavioral1/memory/2384-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-core.xml.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kab\LC_MESSAGES\vlc.mo.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Speech.resources.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Regina.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-lib-uihandler_zh_CN.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui_5.5.0.165303.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-print.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\release.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsFormsIntegration.resources.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaSansRegular.ttf.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Chita.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\MST.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\it-IT\SpiderSolitaire.exe.mui.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ml\LC_MESSAGES\vlc.mo.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Samara.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe.tmp	4620341f689dcb62ff920fb1f4113c00N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Scoresbysund.tmp	4620341f689dcb62ff920fb1f4113c00N.exe

C:\Users\Admin\AppData\Local\Temp\4620341f689dcb62ff920fb1f4113c00N.exe
"C:\Users\Admin\AppData\Local\Temp\4620341f689dcb62ff920fb1f4113c00N.exe"
1⤵
- Drops file in Program Files directory
PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

Filesize
28KB

MD5
697455b15b037ed1bd125b3846185388

SHA1
27d991d83807408f7966e72c2daacca516844b3a

SHA256
73124ebae4196dcd4826ba0e43fcbaf7a0d21566ecb3a36d0ef8bf2fc0d5b101

SHA512
7556e0c0844a59204bb5f315c0cf5bc3d2fb7589a9c9325d60d61b5f5e01ab610ff50b549f5676bf529a47aecef69ad4d20d4233303b3abd41ed8d4ce93f94fe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
37KB

MD5
47b3da9858b887349f99eb7a321a3d46

SHA1
0cbce4517a357653cde75527e4eedb481f78591d

SHA256
5b8f075078c78a147de00a0d52e57962888955cdf7666c44c4b9450e1b192513

SHA512
70d28fe094b532ff7f4960e0dab71516cf0e86e270672b764a4b07a896f7510a3ce381affdf938bae28faaaa973acedb4450ee64b7a623e23eb3cb84a96d6005

Download Submit
memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2384-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads