2cfb251f5efd71a6a272c376d44d7964348c049c844940a9fdd088504e0410f1

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 07:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b7e34b72e7ce756147f186b46215bf0N.exe
Size

51KB
MD5

6b7e34b72e7ce756147f186b46215bf0
SHA1

26b2dc79c835e67ecdce62325f2e4f207ce32eee
SHA256

2cfb251f5efd71a6a272c376d44d7964348c049c844940a9fdd088504e0410f1
SHA512

09083e51e97e7ae77148bb3ceb84021c40609300b52bc2ccbba9ed0742cfe7c620f835ba8cc24b325bc5891155d3aa9e058e90010a359b0b4c1601b1969c9fec
SSDEEP

768:V7Blpf/FAK65euBT37CPKK0SjxEXBwzEXBwA:V7Zf/FAxTW4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3238) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2988-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000b0000000120dc-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/2988-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tehran.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\javafx-doclet.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_ja.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Irkutsk.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santa_Isabel.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Entity.Design.Resources.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_ja.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libnetsync_plugin.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\it-IT\FreeCell.exe.mui.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Management.Instrumentation.Resources.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_zh_4.4.0.v20140623020002.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\LINEAR_RGB.pf.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\it-IT\PurblePlace.exe.mui.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Entity.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\GrantWrite.wps.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.DirectoryServices.AccountManagement.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_ja.jar.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo.tmp	6b7e34b72e7ce756147f186b46215bf0N.exe

C:\Users\Admin\AppData\Local\Temp\6b7e34b72e7ce756147f186b46215bf0N.exe
"C:\Users\Admin\AppData\Local\Temp\6b7e34b72e7ce756147f186b46215bf0N.exe"
1⤵
- Drops file in Program Files directory
PID:2988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
51KB

MD5
56fa32c1e6e0b6080447031b74e181ba

SHA1
7bb8a82385c33e9a56302dd77e3ccb3d72e6b236

SHA256
78f13d5467864a1b54ee37c7707642ba021b1d157a6d506fc70a1e1f2987c3be

SHA512
91ed0ae85e1b774a0eb6f4a944df30b493cf9952963fc967193ece48f4885611c34e6cae1e40e33c47d4c56263b2763902e3817ae301bcec0450ff315d22db89

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
60KB

MD5
d72b83ad3df2a15c8c3e05b4e89223c3

SHA1
9e030fd2bd38fd64b9633fdcedb115ce026df602

SHA256
fa3ff62d242413869b56f862bb8393c1e003541aab77c561bafaa196592f627f

SHA512
29dea2a761a377852ae664fccff4aafe82ade70946093aedca05d128ce20b03b20373a8203c48776e88dc94b0f6990beb647d6232940bf1acca74c4ffe8649c6

Download Submit
memory/2988-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2988-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads