e3b1f8ee7a64e38f1f0ab4d6c5968be4560cb79d424e026fdb6ba4592c147ca2

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26341df8a0256d8d123a3a8679946360N.exe
Size

78KB
MD5

26341df8a0256d8d123a3a8679946360
SHA1

fbbb33112a4b05bcaba67811a0a345468568b1ad
SHA256

e3b1f8ee7a64e38f1f0ab4d6c5968be4560cb79d424e026fdb6ba4592c147ca2
SHA512

f3ec38e4a6b4b3598d5cb229c61bed2b3a08ba34829bdc778592ea20d392d6c58ba2d636d7f922a40cadb32e3c3c25872f9b965e9eb5850c372faa14c0fe1d10
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxSm6yB0kwNBQ0nQi:fnyiQSoCvi

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3103) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2640-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x000c00000001227f-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/2640-642-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher_1.1.0.v20131211-1531.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\appletrailers.luac.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tarawa.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_ja.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-awt.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Mozilla Firefox\plugin-container.exe.sig.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\deploy.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Rainy_River.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\rightnav.gif.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Lagos.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\StopUnregister.cfg.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\bin\jdwp.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuala_Lumpur.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Darwin.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Mozilla Firefox\locale.ini.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_zh_4.4.0.v20140623020002.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multitabs_zh_CN.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Beirut.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\FreeCellMCE.lnk.tmp	26341df8a0256d8d123a3a8679946360N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libdcp_plugin.dll.tmp	26341df8a0256d8d123a3a8679946360N.exe

C:\Users\Admin\AppData\Local\Temp\26341df8a0256d8d123a3a8679946360N.exe
"C:\Users\Admin\AppData\Local\Temp\26341df8a0256d8d123a3a8679946360N.exe"
1⤵
- Drops file in Program Files directory
PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
78KB

MD5
c1e818e925564b0680898eecf0b09f4c

SHA1
aa5fb31db587c0b08aef0a6edaab85458e1a0703

SHA256
117953e6042632edf834d13b2d6d5d9fe028c3416351a1d97f20cf8a73fb66a8

SHA512
e6629c9e9d4b0e482782e6d3b26b43250ad52262d07add8eee17d60330d34a2e58a4c7ce1010f74cb9f1d526411c932bc5a7d7b26810d03fe8e1dab7883a2ed3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
87KB

MD5
b11eab7aeb6654f44538671e9cabd6d4

SHA1
6160659f305f0ce9ad6d3ef8cf66e654e19d543f

SHA256
7c545dbd7a3c8921906be782868e64c6d0e8b5113500479bbca86ebb80856bbf

SHA512
60b26240d5cc034a85de6eacdd481396b825e6b3dac445bf7b3e9d428f9b59a474a99294f0cbae875f07ea73046070d550234beffb996d52137761a98b67b542

Download Submit
memory/2640-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2640-642-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads