c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
Size

61KB
MD5

34642a3485f2acdae125e59a09333da8
SHA1

6e47bdc2481b7027fddd81adc4dc7ad6b301ed8f
SHA256

c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9
SHA512

e1ba6388cecbd3896b34fbdc0d0200c522ebced7332934f35ecbc01ea4d4fb795eb1700665e316e351a476505ee23a947943d33f9eb427edd2f442fea98035ee
SSDEEP

1536:V7Zf/FAxTWoJJZENTNy+TW7JJZENTNyADR:fny1tE6tEfDR

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3217) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1604-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0009000000012286-2.dat	upx
behavioral1/files/0x0002000000010620-6.dat	upx
behavioral1/memory/1604-404-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-snaptracer.xml.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\AST4ADT.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Jamaica.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Reykjavik.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\de-DE\SpiderSolitaire.exe.mui.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\jquery-ui-1.8.13.custom.css.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf_3.4.0.v20140827-1444.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-javahelp.xml.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-output2.xml.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Microsoft Games\Hearts\es-ES\Hearts.exe.mui.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-stdio-l1-1-0.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_ja.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBluTSFrame.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.lucene.analysis_3.5.0.v20120725-1805.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\reader\filename.luac.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861261279.profile.gz.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Indianapolis.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\ShvlRes.dll.mui.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libmft_plugin.dll.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Winamac.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-common.xml.tmp	c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe

C:\Users\Admin\AppData\Local\Temp\c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe
"C:\Users\Admin\AppData\Local\Temp\c6abc5f694de06a8ab2c3bc1af3d2a94286c6c51094d622126b28a9365b53cb9.exe"
1⤵
- Drops file in Program Files directory
PID:1604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
62KB

MD5
c765376dafee9f956f9f73dfabf35414

SHA1
06ed04211087825cc86621f38d454d46b0b17f48

SHA256
c6be7386dce49712356650cf76c246c3901a373c062a07e2687871b6d2bd50f3

SHA512
9489d705daee2696b753a561ecf4a228b66ef627514df5b86e34b680a9bee6f05b18dd661ddeb61ee69fe62f0b5b39472f849e9cb2240aad51e221c74a2dada0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
71KB

MD5
5cc18369ac38ba73acf7735c92fc36c2

SHA1
01b08a9852ed5cecd12ec4b5d35cfef03ae0460d

SHA256
cdd2931aa7bf682bbe536048ac3a1fdfaec92ff51066ab29584e4b5077d25a86

SHA512
e6a69f95fec23cf69bde4aba2c2203b26703ad48528642640c825fc30db5752eac2404479c02698bca811048d3d07e97d427c27764ff0dac831f0dfcf5ab70ff

Download Submit
memory/1604-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1604-404-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads