d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
Size

41KB
MD5

77121c05fb02c0a8df8189f7ca90c64a
SHA1

54a2440878d1de88520aeb28f5414b141c9bff86
SHA256

d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad
SHA512

a82f1736bbd92722adb703fb553488b17c935b730f9f43e37b11f92b4112d23683a0777fb1dca6c31626f03155fd84ecc00f48f33ae4e73a78f56ce12ba4af0f
SSDEEP

384:FBt7Br5xjL2Kd5AsAoh6n5eaOlIBXDaU7CPKK0TIh6SjmDKAKB:V7Blpf/FAK65euBT37CPKK0SjN

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3711) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2068-650-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Web.Entity.Resources.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-spi-quicksearch.xml.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\ReceiveUnlock.rmi.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Net.Resources.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-settings.xml.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\34.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\MinionPro-It.otf.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libattachment_plugin.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\bl.gif.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnetwk.exe.mui.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.metadataprovider.exsd.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Helsinki.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Management.Instrumentation.Resources.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libpuzzle_plugin.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-print.xml_hidden.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Toronto.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jre7\lib\zi\HST.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.ssl_1.1.0.v20140827-1444.jar.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\WaitUnpublish.wps.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\css\calendar.css.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository_2.3.0.v20131211-1531.jar.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\icon.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt_1.1.1.v20140903-0821.jar.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\css\settings.css.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\play_hov.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-processthreads-l1-1-1.dll.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceArray.txt.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\novelty_s.png.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe

C:\Users\Admin\AppData\Local\Temp\d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe
"C:\Users\Admin\AppData\Local\Temp\d6e7c319fa18d07043d39c0dd9ee0c7b5dd99bbb5cb1de66d4aa58c9415801ad.exe"
1⤵
- Drops file in Program Files directory
PID:2068

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
41KB

MD5
9cf938c062d59b847a5b6d93cad71e50

SHA1
7df78dc6da03d07b59524197b354570904d95778

SHA256
ad4c042cf12a268abd4c5ddca4cab5976be8497744c40536442ef2d99758e21f

SHA512
edd97fd4803ed5e8e8d0497c20bae22b2e477505c8a414dc6331ca1696db18680b4c99b15d90d9dff00150808df514634ed4ff8af653da1a6b2b16a7894b5028

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
50KB

MD5
06b163543761e635c836dab3ed65f925

SHA1
a4f4dd30c6beff7a98eb2535e73ca539f89b4a88

SHA256
c3db42cc132bbfa7063459fe38ffa429b722a71849cee248aa3cddf574be5f53

SHA512
42229440682308c6b67d4f4df53f2d2326f841ed51391a62fcd4b6121ed6ec3f2c57a58aa3c84d60e516a206411346b6c7a263d410dc5d7c59bf642a85ec7d35

Download Submit
memory/2068-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2068-650-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download