d27f8bd2e292bd360e2d49b945e61faf07f9c761ffd3abf745df9714308b5991

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
22-07-2024 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fea1b165c0ab995449e8a7d4beda370N.exe
Size

40KB
MD5

8fea1b165c0ab995449e8a7d4beda370
SHA1

aa28d443c37369ed9db9183df03a4e38f00cae26
SHA256

d27f8bd2e292bd360e2d49b945e61faf07f9c761ffd3abf745df9714308b5991
SHA512

525a24f5eaaaacd7abd3a755db28ce1363d222f7da045ffa2b7a75263666ddb9142c9c25490f1f8e7de7ac7b459cf608fdbed9081f9ac3592b3985e7e81dc450
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyA:V7Zf/FAxTWoJJZENTNyA

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3037) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2924-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000016c5e-2.dat	upx
behavioral1/files/0x0002000000010622-6.dat	upx
behavioral1/memory/2924-434-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-options.xml_hidden.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\bin\java_crw_demo.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\VideoLAN\VLC\libvlccore.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\CompleteSplit.dot.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-application-views_zh_CN.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\CST6.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Nauru.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-autoupdate-ui.xml.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-plaf.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santarem.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Speech.resources.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Abidjan.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Microsoft Games\Mahjong\de-DE\Mahjong.exe.mui.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kuching.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Sakhalin.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Toronto.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Merida.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.extensionlocation.nl_zh_4.4.0.v20140623020002.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Design.resources.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\PST8PDT.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.io_8.1.14.v20131031.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.tmp	8fea1b165c0ab995449e8a7d4beda370N.exe

C:\Users\Admin\AppData\Local\Temp\8fea1b165c0ab995449e8a7d4beda370N.exe
"C:\Users\Admin\AppData\Local\Temp\8fea1b165c0ab995449e8a7d4beda370N.exe"
1⤵
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

Filesize
40KB

MD5
7b3d73d4ddf9fc9d7f2accffa99f0594

SHA1
497c2c0e674d740850de004159f5aea007c5d1c1

SHA256
3010b8825155fbe94ced7d81d649f6c971ff052cde5f483bed560f45843b645e

SHA512
eeecca946e01af0e60ab15befb4821e93332146ec0b7802244de0e0efb771934a925b12be1904954468ec704fa3ae60b0b782918c7852eedbb8f08471d7b96a5

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
49KB

MD5
cbb4f966f4749c2de0c66d5d80bb2ce5

SHA1
6850c57adc1061f11543499ef322a26d633d4a77

SHA256
d9621cbb652b868e312a7ee96ae03d269dabbba94eb09405174825019c97912a

SHA512
4530aee82f4590e1be0ea10a31594c02dca01a266e95bd79b004e793d5529d49a996fd9768d6dffb382f3500d38003c797e68260e047e0da63b206a12287f341

Download Submit
memory/2924-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2924-434-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads