a6e98fa879e8ef61e400ca13d44aaa81fcf9e3d254354051bb96bb9c24faca52

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 07:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7da9691391be3b2e8f427a5dfb4554d0N.exe
Size

57KB
MD5

7da9691391be3b2e8f427a5dfb4554d0
SHA1

bf33175be79e7560b4d8d6ec00a3bcc47a96e233
SHA256

a6e98fa879e8ef61e400ca13d44aaa81fcf9e3d254354051bb96bb9c24faca52
SHA512

76907ee829070ce0c6fbb0e1f83b248f3dc3f580fceaa5e6ea211e2b4d8de35ed56635b82e0db96bde265ba308968f39c48b8550e364b54bac3b723e26def895
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2IOYA:KQSoDuXuv3S

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3272) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0002000000010489-6.dat	upx
behavioral1/files/0x00080000000120f4-2.dat	upx
behavioral1/memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/1008-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Indianapolis.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libadaptive_plugin.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Iqaluit.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Choibalsan.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.DataSetExtensions.Resources.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Omsk.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\classes.jsa.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di.nl_zh_4.4.0.v20140623020002.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jre7\bin\zip.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.ja_5.5.0.165303.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\dailymotion.luac.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi_3.10.1.v20140909-1633.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Auckland.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_ja.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Macquarie.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Nicosia.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Mozilla Firefox\removed-files.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.properties.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\ReachFramework.resources.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe
File created	C:\Program Files\Microsoft Games\Purble Place\es-ES\PurblePlace.exe.mui.tmp	7da9691391be3b2e8f427a5dfb4554d0N.exe

C:\Users\Admin\AppData\Local\Temp\7da9691391be3b2e8f427a5dfb4554d0N.exe
"C:\Users\Admin\AppData\Local\Temp\7da9691391be3b2e8f427a5dfb4554d0N.exe"
1⤵
- Drops file in Program Files directory
PID:1008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

Filesize
57KB

MD5
53c35857d0ec8ab6c9c74c72d150bca0

SHA1
c76bccebcfffd75292ab37100402b4395aff1142

SHA256
79e769c93a30b59cc24dc3b32a2cdec535b185d5568d046bae8d57d99f931730

SHA512
686f324f1ac7477dda4508b98d9069b389d4af8eab59c087807f0e141adad8c80af5da509884371d52218bfe2977e61a7f31c954e27cd9cad1c93c6c4d1cda63

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
66KB

MD5
b982d0b6b77495fbbe1c98496ee97e17

SHA1
f07da37bf8b4a56963fdd2c0470a9e253cd29bb4

SHA256
483df979e49a66c3c06f76a8d4efd26080118946b4a8dd52becb2fe7256879c8

SHA512
52d1f8a2a35806d0a8fc99d2cde8ccf6c77ded8cb9183843deb8aef9b9c8ac68d3f3e972aae3bc69f50d11d692fff806faa932020e514329153fa00ce92b28a3

Download Submit
memory/1008-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1008-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads