d0df48e3e828e47230e178e5abc195d4acdc61aa1b64e937398c1143e2a5b51b

Analysis

max time kernel
120s
max time network
17s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21-07-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12b3976c371647b4f1163185cc6570e0N.exe
Size

73KB
MD5

12b3976c371647b4f1163185cc6570e0
SHA1

9021a00b0390f9092847d97531cec52f9885fef4
SHA256

d0df48e3e828e47230e178e5abc195d4acdc61aa1b64e937398c1143e2a5b51b
SHA512

c09dba218e041c81e20fcdc144e789d528a868f525f066298a9ac53c62422d7b7817c5b166542760b678a03647fecf2589faf810627f2e36dd4e8a8fa66f097e
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxT:fnyiQSoq

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3161) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1984-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012029-2.dat	upx
behavioral1/files/0x0002000000010663-6.dat	upx
behavioral1/memory/1984-664-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Juneau.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Engine.resources.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-compat.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Tbilisi.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IO.Log.Resources.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Macquarie.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Miquelon.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Tokyo.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.commands_5.5.0.165303.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Warsaw.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6CDT.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cy\LC_MESSAGES\vlc.mo.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.Contract.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\psfontj2d.properties.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\El_Aaiun.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_ja_4.4.0.v20140623020002.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+4.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\npdeployJava1.dll.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Microsoft Office\Office14\INLAUNCH.DLL.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\extcheck.exe.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state_1.0.1.v20140709-1414.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Yakutsk.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-visual_zh_CN.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp	12b3976c371647b4f1163185cc6570e0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiling.xml.tmp	12b3976c371647b4f1163185cc6570e0N.exe

C:\Users\Admin\AppData\Local\Temp\12b3976c371647b4f1163185cc6570e0N.exe
"C:\Users\Admin\AppData\Local\Temp\12b3976c371647b4f1163185cc6570e0N.exe"
1⤵
- Drops file in Program Files directory
PID:1984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

Filesize
73KB

MD5
9970ff218acc1225984b9f08141a7950

SHA1
577c0f7ceea269434cdaa644bf27a33c3989c312

SHA256
4818fe04db8692885f70f43314f3788372f0bdff6c31e2314e174d81e2e3c7a2

SHA512
2cc9699af11c6f7fb28300aa0c234c8affc6d123022559e6ae3b99794bc82db141ffb025eeb88040d37e0d0be7d62ec83b165aed77f984d7f9e6cc2e8dfffafe

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
82KB

MD5
303fd2b08da835dafce7ca3fb26a4a18

SHA1
1e3f5e32a969489102139c3cc31d80822cd340db

SHA256
0fb03b36302f057b7a01b6a6c97af0974dec0611ce26b2d2e8a2170724584c2d

SHA512
9d75deef2e043ab038f7fde0d657a315b8ca58c5a89e784ee7edc3ae4d65ffe4deda69db90b75468d88a807c90421f122f8f16ab46f25e5ae8e0a74cbd77fb65

Download Submit
memory/1984-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1984-664-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads