eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
Size

78KB
MD5

ece6f209e287deef248f5452ed66eac2
SHA1

3243bc0aa2249a4d59910cee1e6b925f04ce5845
SHA256

eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684
SHA512

f66f87b657adcb421b014345dd9476f45a5a2071edfc3358019d7a2f53640141bd31e1293272d0a3c81c5d1168dd378cd0723b73445d3d7f1ceef6ab22f5058c
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxZfxRfxy:fnyiQSoWf7fM

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3309) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1992-308-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\license.html.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-spi-actions.xml_hidden.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lo\LC_MESSAGES\vlc.mo.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Internet Explorer\pdm.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Madrid.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.ServiceModel.Resources.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ReachFramework.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jre7\bin\t2k.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Microsoft Games\More Games\es-ES\MoreGames.dll.mui.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.html.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macGrey.png.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-api_zh_CN.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Management.Instrumentation.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Internet Explorer\pdmproxy100.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk16\windows-amd64\profilerinterface.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bangkok.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\vlm.xml.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\invalid32x32.gif.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\locale\tt\LC_MESSAGES\vlc.mo.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe

C:\Users\Admin\AppData\Local\Temp\eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe
"C:\Users\Admin\AppData\Local\Temp\eb31344c5978002527314547b5f80e303429f554643853bc5b9dddbf26ba3684.exe"
1⤵
- Drops file in Program Files directory
PID:1992

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
78KB

MD5
6db4137fe943fb131683ad5bf24d85f3

SHA1
2ddc7622ed2dbd8b04090722f74ebd545c311c78

SHA256
cdaf9dd43a5042573ac414911b3ab9a2b5add24d59a3c52d4ea398634bc11484

SHA512
598d0d6636ca050401afb1cf619c76cd7773812670dbf8ea3a4a9565fb26419cde70930c0fb4782c44fbca5141600848a1de406d7e9092aa82a51dc422130142

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
87KB

MD5
17066850db9ef2cef3043b0d58edcb84

SHA1
5044daebb0116d7bc2f64d1b6edd0378ddc2cdef

SHA256
93a63fc77852b584d66ba5106e6baac2df2b46b96b1adf8665dccab1b828fd7f

SHA512
a74fde4daad542c72c3bcca7174406f2297157f79c6760faf6484257d0bd3399ff9849549c4661a75c2b2654ccd98965d2adb2f542e42dfbdaf8486f9229a741

Download Submit
memory/1992-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1992-308-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download