522be1690277a9305f2817f75bd3ff78139d928160ddc74e950f38d2a5964ba8

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c324f1b804a061897959ddecac28190N.exe
Size

68KB
MD5

0c324f1b804a061897959ddecac28190
SHA1

97902fcf1a4e01f5fb045442b61906a9ca2de634
SHA256

522be1690277a9305f2817f75bd3ff78139d928160ddc74e950f38d2a5964ba8
SHA512

c8755286eceb678c11cdcc5561d12e7597a0cae77ea72b6658317ee684daaea1fa309de5d99b8dbc35a3a252c2319b9718d97a28eecc810c021bddd0c3c53295
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxviYiaEF:KQSo4iYiX

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2962) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2528-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a00000001202e-2.dat	upx
behavioral1/files/0x0002000000010486-6.dat	upx
behavioral1/memory/2528-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_ja.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_ja_4.4.0.v20140623020002.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\fr-FR\SpiderSolitaire.exe.mui.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IdentityModel.Selectors.Resources.dll.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_ja.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvmstat_zh_CN.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ja_JP.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-6.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.jasper.glassfish_2.2.2.v201205150955.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-utilities.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-oql.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\DumontDUrville.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ql.nl_zh_4.4.0.v20140623020002.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.sat4j.core_2.3.5.v201308161310.jar.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	0c324f1b804a061897959ddecac28190N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	0c324f1b804a061897959ddecac28190N.exe

C:\Users\Admin\AppData\Local\Temp\0c324f1b804a061897959ddecac28190N.exe
"C:\Users\Admin\AppData\Local\Temp\0c324f1b804a061897959ddecac28190N.exe"
1⤵
- Drops file in Program Files directory
PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
68KB

MD5
1bb15b8b1a7e3bdaaac30303d2f1ed57

SHA1
5c54072c557b12b3a6cfa6efbcf210ea500021ad

SHA256
596f82e732c01972b0bb5343bbd097d0b08bd716a2c7d2849d7883308430a98a

SHA512
4df430b7e571d3959375b8c65d1012b4072a92615accb6967564322ee28f454aff8b45d1cb148cce5a2b837b7f40db38d28215bea8d793e7f85410cff4f0d264

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
77KB

MD5
f3c10d01ed30633b41314f9bb9b90b4d

SHA1
2e7fdecb07cdfb6cb0714aae2bce6f998514e595

SHA256
decd9ff022363ff40c90c096649fdbe9ea1db3b382e5f7a09361c70c0a189fe8

SHA512
f491d0e52255236d852515f30640be52d73c255aaf0ffdcb9cbc9ce1d383260aec4f5a4b34a2a8e829a17762dc11aae559608377ea9199aeaf9950189aa932d2

Download Submit
memory/2528-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2528-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads