664efa6e886094dbb764aab9d0ed347d875c1bbde8965becec45537393aea4e1

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

567b14738b31d1d464f0ca41cd83fcf0N.exe
Size

66KB
MD5

567b14738b31d1d464f0ca41cd83fcf0
SHA1

60a82401051b33d96cd5695630a048e1919802d9
SHA256

664efa6e886094dbb764aab9d0ed347d875c1bbde8965becec45537393aea4e1
SHA512

35ed93ad91dd26c828f31581202fa9f623a7aa40b9f5dde190f09be2e1966322f26846aa19f4bde255122c42c49bfb306d326bc0d2af4749f2e663f35eba51c9
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxviYiaE+UpCUpX:KQSo4iYiN

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3208) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2468-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a0000000122db-2.dat	upx
behavioral1/files/0x00020000000104f5-6.dat	upx
behavioral1/memory/2468-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmic.exe.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_ja_4.4.0.v20140623020002.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql_2.0.100.v20131211-1531.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Internet Explorer\jsprofilerui.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Design.Resources.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libkate_plugin.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.nl_zh_4.4.0.v20140623020002.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_mac.css.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-services_ja.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaireMCE.png.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.svg_1.1.0.v201011041433.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Chagos.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jre7\release.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Mozilla Firefox\mozavutil.dll.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston.tmp	567b14738b31d1d464f0ca41cd83fcf0N.exe

C:\Users\Admin\AppData\Local\Temp\567b14738b31d1d464f0ca41cd83fcf0N.exe
"C:\Users\Admin\AppData\Local\Temp\567b14738b31d1d464f0ca41cd83fcf0N.exe"
1⤵
- Drops file in Program Files directory
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
67KB

MD5
d4881e518b019a41f8b750938657cebd

SHA1
355c0785ee43abe1926c8b4c5f8d1707b265d7ad

SHA256
d450b04dc23dad65cec27aa5cf5ca6b881e2870ee011cddcbb6894da24f831fc

SHA512
002e88d6fed25598fdb4bf7eb2801022ab5197b91327732cb5b28526b4542f5e8f069d39eeec8ab88e5c43bb6a4d40a59c870f0738653f62010dcbd69562f483

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
e2613765acd730a54141f91daa9a6895

SHA1
14c3c6c703b97b7ac759eeea18ddac88e8d6e7c1

SHA256
6880de8c38d1174fac1ae85aa4e1fadd1143d534e8a123984b9030c3df452c9f

SHA512
05631aaf0cdf7a25b3baa57a42205b5dfc6eff54f5ef0d2f4434b30c682fd4df69be175e1945f838874064362ff2580ac6b5e14f6d373c16e3d05d39b38392d4

Download Submit
memory/2468-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2468-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads