253662ed596d9ff0683f5a55079bcc619dbdfd0aceadd75351389773bea90626

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 18:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fcbad715b948b4c5f30675fd3febc6c0N.exe
Size

65KB
MD5

fcbad715b948b4c5f30675fd3febc6c0
SHA1

0c090e9d05fbd353138411ac59d0962551d990db
SHA256

253662ed596d9ff0683f5a55079bcc619dbdfd0aceadd75351389773bea90626
SHA512

4be56533a0cda49fa5daa0f89383b0dc703536f2b9807361bb0820c76d4efc26b69e2ef1a02a55f49f8f7c8d574a829046ff6c1719442c54945e33e785a38f7c
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxviYiaEK:KQSo4iYi8

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2797) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1724-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/files/0x000a000000012291-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/1724-68-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application_5.5.0.165303.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\about.html.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper.registry_1.0.300.v20130327-1442.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Rothera.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.bindings.nl_ja_4.4.0.v20140623020002.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Helsinki.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\bin\prism-d3d.dll.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\keytool.exe.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Marengo.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\bin\rmid.exe.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jre7\bin\j2pcsc.dll.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\PST8PDT.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.servlet_1.1.500.v20140318-1755.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-annotations-common.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp	fcbad715b948b4c5f30675fd3febc6c0N.exe

C:\Users\Admin\AppData\Local\Temp\fcbad715b948b4c5f30675fd3febc6c0N.exe
"C:\Users\Admin\AppData\Local\Temp\fcbad715b948b4c5f30675fd3febc6c0N.exe"
1⤵
- Drops file in Program Files directory
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

Filesize
66KB

MD5
04b38daae3d0ff10791261a7ac192f67

SHA1
b747f7b840a1f100578791f092b5785528f9a557

SHA256
3b4d40cff4fcd6129c769fc292e81575199b0b1108fe39e21c1aef9c771322de

SHA512
97b0e9eb88625a44e252f63354eee7709e6a9190c5967c68982058614122a1f574b8dfda485ef24f9d4af5b0504140859ba7c165662abd0db3428e1758da5ec8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
75KB

MD5
3809d7fcb10cadd56dfc23eeb44a23fb

SHA1
bc5b7c42a6641004fbd303028c3dcff60cfe9666

SHA256
32c7e1450a9b98508245818a5ea370d67fd90ba9afe28c3ed8999c52dc9e8860

SHA512
70d2121ca6d41d536e0509590d85f49bb02a7c0edb0007c2563abf8a87a522b243900cb16637b24f0ec314a45fee33a7b122b3a2d3e77f781709ef53152de33b

Download Submit
memory/1724-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1724-68-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads