ec6d0662e4962794f9604078869c19bc5a4f5081a6e2613421f58f11aa3f68e6

Analysis

max time kernel
120s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3b2d756f9c1d6c09386e864995ee6f60N.exe
Size

48KB
MD5

3b2d756f9c1d6c09386e864995ee6f60
SHA1

42f10e26dc537fe3512a943449d0e75500c74de9
SHA256

ec6d0662e4962794f9604078869c19bc5a4f5081a6e2613421f58f11aa3f68e6
SHA512

3f0d99b6621e9942050d4530d906e2328b39fa73fd5e72aa6c87250fbe8fb2b34b62c5c900fa72c4c7a9ac22428893364aed13c7a35f4ea4f7bb696421751de5
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzP:CTWn1++PJHJXA/OsIZfzc3/Q8zx2u9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3307) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2480-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a0000000122db-2.dat	upx
behavioral1/files/0x00020000000104f5-6.dat	upx
behavioral1/memory/2480-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Accra.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaTypewriterBold.ttf.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\soniccolorconverter.ax.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_228ef1_256x240.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-sa.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Linq.Resources.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.ServiceModel.Web.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-text.xml.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libbluray-awt-j2se-1.3.2.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Lima.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.xml.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_ja.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Qatar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_zh_4.4.0.v20140623020002.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\modules\httprequests.luac.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-modules-appui.xml.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\lib\tzmappings.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Sitka.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jre7\bin\jsdt.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	3b2d756f9c1d6c09386e864995ee6f60N.exe

C:\Users\Admin\AppData\Local\Temp\3b2d756f9c1d6c09386e864995ee6f60N.exe
"C:\Users\Admin\AppData\Local\Temp\3b2d756f9c1d6c09386e864995ee6f60N.exe"
1⤵
- Drops file in Program Files directory
PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

Filesize
48KB

MD5
8df0f9cb4cb47361f9e47c64cee0ee3c

SHA1
a74fe9a60cf7782fa0dec730bb7f2c7155bf110a

SHA256
e8c5a441a5484960960fc32e385ccf43e7e7550fe26cefefae8e4110c28604e8

SHA512
b9b586ca5f9048b20058d292b1cd00fefe8218587cc6ccb325ef590b0b72104bea2532d35c61535448dbce53657a74b098d18aeeed4c07c978dca4fc2922c1b2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
52fd0c276895e6c497457bf977d44df1

SHA1
4e2c0d4b0622b6adeca20523e0f54036bb6aee02

SHA256
8bd15db60a552b77b33e81a71a6b8d994b7a6ed5e8603ee78e14124a41f13cd7

SHA512
5ebbcf2e5adefbe4e71cb095ed845fd5b8e9fa3b4546fbfb25ce48e085350f42b442ad79c3d04f9d744f7fd5d19c0a1ee0558a545c78f4ba4b4a4fae7301988c

Download Submit
memory/2480-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads