d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
23-07-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
Size

58KB
MD5

8e8a20b51932c5ee2815e84a5187d57b
SHA1

04b56045c184e0976710fe76fa35dcc9363c1c8a
SHA256

d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17
SHA512

0e2bd3c400cf03d7a263e11641f2e7832dab73124244c389b20e60f5bb8207e55e939ccce4f56a1e4d5539961eaf63c1178c71c327dc2ed19c2431049f147d08
SSDEEP

1536:V7Zf/FAxTWoJJ7TTKP2awclvmxaKP2awclvmxi:fny1aP2awclvmxrP2awclvmxi

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3514) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2704-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral1/files/0x0007000000012119-2.dat	upx
behavioral1/files/0x000f00000001045a-6.dat	upx
behavioral1/memory/2704-648-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\MCESidebarCtrl.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\calendar.html.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\css\cpu.css.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev-down.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tahiti.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-ui.xml.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\currency.css.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\144DPI\(144DPI)notConnectedStateIcon.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_basestyle.css.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.Printing.resources.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libstereo_widen_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\plugin.properties.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiling_ja.jar.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\ExitUnblock.3g2.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\updater.jar.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Utilities.v3.5.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\RSSFeeds.html.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Esl\AiodLite.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.core_0.10.100.v20140424-2042.jar.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_mosaic_bridge_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_rainy.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtospdif_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libanaglyph_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Microsoft Games\Chess\ChessMCE.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\js\settings.js.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Internet Explorer\msdbg2.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\CET.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libdummy_plugin.dll.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp	d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe

C:\Users\Admin\AppData\Local\Temp\d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe
"C:\Users\Admin\AppData\Local\Temp\d6c1996da395665015fc340da1997598495fa28e273285a37a745b53f5dbcf17.exe"
1⤵
- Drops file in Program Files directory
PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

Filesize
59KB

MD5
fde9472dfa973eb411a23aa18e35f211

SHA1
abce30da58b66e8783ee979e31b9f474e5852dbc

SHA256
c2c1ff1e5285ba6467f84a06aaeaaec0f9316ffb158978a5c412fcc71dd8aec4

SHA512
6cd83bb805ace1601b2b9df2def399b9eaba5158437ec1a54a8ebf8525e7bb7cad7ae83cb632d01dd123fb4613166722501bb3582ab45d6397487da7a3982e5b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
68KB

MD5
f6f36ccf98720105644076a382316872

SHA1
d84d6e34099e2636afc9adea5269ebd8b1bb5363

SHA256
b772151245a03fe61a3fb973f6c5b2a7a009e5364321fe8dee567c0bc9f829e1

SHA512
2b0bdd67e236c0acc5636e57d779a97466aadf6ff25c82858ba005b496bc8c0ce7f92a3c3eca2e8ecb2f8e82a202ce7dfffd5d8b5378fe0ad321df01de36123f

Download Submit
memory/2704-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2704-648-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads