fd82cee7d4d01ca55745e43811ec9a9b25aaca198cb75660f44d9e4cf5050170

Analysis

max time kernel
119s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0d6bc0e3cebbc6ef01fba8df907b7000N.exe
Size

65KB
MD5

0d6bc0e3cebbc6ef01fba8df907b7000
SHA1

c2caa834ff03948570638a4f6d22f911a475791a
SHA256

fd82cee7d4d01ca55745e43811ec9a9b25aaca198cb75660f44d9e4cf5050170
SHA512

d5521dfe3a6fae6dcc7ed73fe18f4a0dfda3c05ab6187702aa53af55edf58a223aa2c5443a64add01d3e55cff96e5e421111929ddd3eb21343df364c9be40899
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxviYiaEI:KQSo4iYiO

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3212) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2408-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x00080000000120ff-2.dat	upx
behavioral1/files/0x00020000000104f5-6.dat	upx
behavioral1/memory/2408-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\DirectDB.dll.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-attach.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Edmonton.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-tools.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Winnipeg.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\ChkrRes.dll.mui.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sq\LC_MESSAGES\vlc.mo.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\release.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-host-views.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_win7.css.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\ZoneInfoMappings.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Jayapura.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Reykjavik.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\bin\management.dll.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Minsk.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench.nl_zh_4.4.0.v20140623020002.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_ja_4.4.0.v20140623020002.jar.tmp	0d6bc0e3cebbc6ef01fba8df907b7000N.exe

C:\Users\Admin\AppData\Local\Temp\0d6bc0e3cebbc6ef01fba8df907b7000N.exe
"C:\Users\Admin\AppData\Local\Temp\0d6bc0e3cebbc6ef01fba8df907b7000N.exe"
1⤵
- Drops file in Program Files directory
PID:2408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
66KB

MD5
9c6efa34c768189e5326fb3d0e974e46

SHA1
038bd5ba3b67a963f943cf4e623fd64a3778ff2d

SHA256
4e1daa775f9394b918ab8400b17f5ced06dc244a008d78820d2158da8abde9f2

SHA512
3a1099d0c8ba5f07fd8c14b185013021a82335b6738bd77e1843d45d52a5a604418b5dec6244858ad4567d2d2c57bb448251bfb3478ab12f6cf4882885b1f654

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
19df58b9b6b6de6cc69f2f5862b66c17

SHA1
7fb7d08652d74ac45ad19312a26d5d7658588d18

SHA256
a1ff7716fec406b071f4455052cd7c89d6a014a5d71a98f0dd9d70b5454b5c08

SHA512
858a45076cd2e79a415e602457e54b2f9f2f8b5b8f5477a1ae83f4a4aeb6d11063d26811b2f1041fd97445a8ce07431247e45810ec6a97b46bbd8e6405508e71

Download Submit
memory/2408-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2408-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads