cb49e8885cb492bb448d63abedf1c3b917023ae202b00cb22f5133a59ebb8160

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 03:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
Size

50KB
MD5

5afb19b3538795b4c9f34d4d3f2e6ea0
SHA1

52ced9fccf62ed20d22b11ae309784c88a615a09
SHA256

cb49e8885cb492bb448d63abedf1c3b917023ae202b00cb22f5133a59ebb8160
SHA512

c8a7113373ddf80c39f37be32cfb55109465f108662e2b21df32e146adbee72a1deaea23d2479665209e1d35111d83e9dbb7f1615ce0ff35b6c1c64e47dd20e0
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIO:CTWn1++PJHJXA/OsIZfzc3/Q8IZ0rfrz

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3179) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2420-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x0007000000012118-2.dat	upx
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/memory/2420-86-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Singapore.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\ja-JP\ChkrRes.dll.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.DataSetExtensions.Resources.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\GroupInitialize.svg.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.zh_CN_5.5.0.165303.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser_5.5.0.165303.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\ja-JP\PurblePlace.exe.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\zu\LC_MESSAGES\vlc.mo.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\bin\npt.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-spi-actions.xml.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\CloseCopy.xlsx.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Monterrey.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tashkent.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\lib\currency.data.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Printing.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsTap.dll.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-tabcontrol_ja.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench3_0.12.0.v20140227-2118.jar.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.properties.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp	5afb19b3538795b4c9f34d4d3f2e6ea0N.exe

C:\Users\Admin\AppData\Local\Temp\5afb19b3538795b4c9f34d4d3f2e6ea0N.exe
"C:\Users\Admin\AppData\Local\Temp\5afb19b3538795b4c9f34d4d3f2e6ea0N.exe"
1⤵
- Drops file in Program Files directory
PID:2420

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
50KB

MD5
b245d9d5babd5d2ea8f3775044978d97

SHA1
9be951d20d98f3180c34d26548699543473c7a4b

SHA256
7026928493aa9f04f778c8c7a938c30aff2dd806d8644eed946064f982d619ff

SHA512
1ae68fbf28e06bbbd9e5efa2550db147ded4644740facd516fbb5d5bbe582b99590ba7c656e05d3f9f893b4b646bf6aac8867e1ff84efe75d95e2a759c97a49c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
59KB

MD5
df7f8acd1397ccd8a391f783e716d129

SHA1
e7d36c67f6868252541b74c272d37344e1e7d15b

SHA256
9296bb13e1b80e22b258caa2901d72e51a5995407bb5936d4b986603f31bfb4c

SHA512
5aa2936f20c9381612b3f55693d89565926a9c5088fa9a02e40e99a6d2da0e2659ffc395e2d69f94309d1eb527b9ae5e992054dcb50073eee7409b007ba912cc

Download Submit
memory/2420-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2420-86-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads