db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac

Analysis

max time kernel
150s
max time network
129s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
Size

97KB
MD5

247e8ad06cdaf479c538c1077c378e00
SHA1

e8675195b36f71352d0e11be968e6ff60124e095
SHA256

db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac
SHA512

2d97ad099f5d8d1214fbea61b19bf11f0738e49319553eda876461de7e6cd6055f35dea65340f7bf7650a99bdfb6822eb71174b2ebcd68ab473b905a91cf7e8c
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIus0J0/AnAr:enaym3AIuZAIus0J0oAr

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3145) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1924-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1924-160-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-application.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-charts_ja.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ach\LC_MESSAGES\vlc.mo.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets.nl_zh_4.4.0.v20140623020002.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-heapdump.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Bermuda.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_100_fdf5ce_1x400.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_ja.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Broken_Hill.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Mozilla Firefox\firefox.VisualElementsManifest.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-progress-ui.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Rangoon.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Mozilla Firefox\browser\features\[email protected]	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationTypes.resources.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\console_view.png.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Yellowknife.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jre7\bin\jli.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libvdr_plugin.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.nl_ja_4.4.0.v20140623020002.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base_4.0.200.v20141007-2301.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-options-keymap.jar.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-plaf.xml.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe

C:\Users\Admin\AppData\Local\Temp\db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
"C:\Users\Admin\AppData\Local\Temp\db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe"
1⤵
- Drops file in Program Files directory
PID:1924

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp
Filesize
97KB

MD5
d7865cea24426645b4f761c549812110

SHA1
69de792fdf5586915bc2b8118de30b187b8042e7

SHA256
6a9ea441012c9f9da2d554e8629263586974d3ed56a2f7f6fdd16c9aa6e47823

SHA512
05366a72a68349b92a52c18dded878b630aacb7684f489eaa372c0d302716d12a50533f5be41bab3a4fbfccc2bb2784efa1f2035010f30c54da830e17918c2c0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
106KB

MD5
fc582a3b8f0b0799e833bd5882dc7e03

SHA1
48506e899837aa4fdaab9f9175c479ed339435af

SHA256
56b756f1a3c999030439d28bc3f6d8ba29bc16af06ca62345771d25783831f15

SHA512
2608df5fccd6b5a11d8312269b4c08d10b461343f882e9ab54e56da0f7b5ac2b369f175dd79dc26e4fa0ec34aaa7ed675b61894e44d34d9d6020a06bfba6c4f2

Download Submit
memory/1924-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1924-160-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download