594eee9fe70a913c4ebfa0569e254b9ea6e7e186f0473daf8d7898bb97c764c1

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
Size

47KB
MD5

3fcd0c218b4b2dd9646f5f9cfa74b0c0
SHA1

ec9a63f99e8a8282d5f7a3da9b0402933e07633a
SHA256

594eee9fe70a913c4ebfa0569e254b9ea6e7e186f0473daf8d7898bb97c764c1
SHA512

0cb9314ed7cfd5311b106c7bb0e7491184433a10e770b594b487250516030a09071495908a4d0c6df73eade580ac921400d8455ecceb218b5da842dbbd36ae35
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIx:CTWn1++PJHJXA/OsIZfzc3/Q8IZn

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2572) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/236-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a00000001202c-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/236-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hu-HU\tipresx.dll.mui.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Simferopol.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Guadalcanal.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\jhall-2.0_05.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-cli.xml.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+9.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\cmm\PYCC.pf.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\pop3.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\bin\jp2ssv.dll.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Detroit.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4_1.0.800.v20140827-1444.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jakarta.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_zh_4.4.0.v20140623020002.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\THIRDPARTYLICENSEREADME.txt.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\notification_plugin.jar.tmp	3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe

C:\Users\Admin\AppData\Local\Temp\3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe
"C:\Users\Admin\AppData\Local\Temp\3fcd0c218b4b2dd9646f5f9cfa74b0c0N.exe"
1⤵
- Drops file in Program Files directory
PID:236

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
48KB

MD5
4723ced132d4ab89cdaf2d8f7ce0d73c

SHA1
0d6d9dc4c850bba897c2e9986c0cb47dc4372daa

SHA256
bec28878ebea293930164db4c4caf4fe1b34deb396a06fe127dd1c621403efc8

SHA512
6d1c97b6410752d7f97a9981047a1d72ccd064895d35dbc82b5afec2b49ef6f32f6c4a75d5e9effd02d27520a972dc5e67cc0f96dfd46dcc41d318033c10ae89

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
57KB

MD5
adad5674eec99ae85d3c06640ca024cc

SHA1
38412b2d3c101c8daa106313a639a07ade1ed25e

SHA256
6cb303f22ac5d05aab893a0917dc36e686eceff0725c9ae3a5f2ba1ecccf85b8

SHA512
fa26dde534776c17869a04f3dc00819b0575d0b1ed61694cbaca864cd224eb731fc391356179df1c6d8862c36959204c301bf496f0db41cc43287d6e30647808

Download Submit
memory/236-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/236-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads