e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
Size

41KB
MD5

660b9a459bbbc9d7fb04c42cca34499f
SHA1

a9243222dbda1d819251d0918de0d95effecba0c
SHA256

e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83
SHA512

72919179da217128d3a8715a670f3a87dfc06478d169fc044f130e42884a3c7aa8e763d0163555a7ed4e0d52af10ebd73b7054eb9e502a5baaf8115a60805371
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WGoj9COieQJfoj9COieQJo:V7Zf/FAxTWoJJ2WjWpf1fv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3423) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/1740-392-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1740-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1740-392-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiling.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnetwk.exe.mui.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Journal\en-US\JNTFiltr.dll.mui.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf_1.1.0.v20140408-1354.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\high-contrast.css.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Belem.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Mozilla Firefox\private_browsing.exe.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.xml.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-dialogs.xml.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\bin\java.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_double_bkg.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.di_1.4.0.v20140414-1837.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Blanc-Sablon.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\PresentationFramework.resources.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libsepia_plugin.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\ChkrRes.dll.mui.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libcaf_plugin.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationBuildTasks.resources.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\Microsoft.Build.Utilities.v3.5.resources.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsubstx3g_plugin.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\bin\eula.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Almaty.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Damascus.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-spi-actions.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler.jar.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Journal\fr-FR\PDIALOG.exe.mui.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_MCELogo_mouseout.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe

C:\Users\Admin\AppData\Local\Temp\e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe
"C:\Users\Admin\AppData\Local\Temp\e816bf00c7d3937a0fe4a34716de72efbac0bc2c399821daf0dab2076b68eb83.exe"
1⤵
- Drops file in Program Files directory
PID:1740

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
Filesize
41KB

MD5
e1f0da5ab5677173b45bf4d1971eda10

SHA1
07371cb12e4c7eab2b8186031780a2abe445c7f7

SHA256
605d65187aa4521af259334f5ee83df885e39f2c67f014275ada75c23148bf0f

SHA512
e81552ccc9746e55e41b1a5010be26ea7913f0aeb4910a62ebc219b9d5d35abe23aff067b49df73f9b7d12efbd7439d5d0b1688ca6f262e980bc9a4de0622266

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
50KB

MD5
02550eccd09c0cbd76bc82992641af16

SHA1
0a1c857a33de400efd38445f9c7c2a28c66edf17

SHA256
5ff825a9551b9f4e90e7472e9c3d4e21a6e197d4ec008ea29a4d01e591fa67fd

SHA512
39ab9a9a53d632d572e70ced88241c0b3f07cb67ba409bf046a221bc9a372503ede402f4822733173b3f37d29bc449eea722a542e4c58633729af3de48b64ac3

Download Submit
memory/1740-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1740-392-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads