ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
Size

68KB
MD5

d97379c6d80ba7b679fdebd94bfac7ee
SHA1

6cf8c8e2cfe54aea587b9386367c3493d42a3ae9
SHA256

ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035
SHA512

d4ef95659c12d3311e056d782ff14b201a661566be01ee5c3d26f5f33e0b914567a4e1b007dcf8a84e8848a082f590022122afa9140e8ed7cef80e742ee1ecf3
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8c:fnyiQSoP

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3307) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2080-294-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2080-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2080-294-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\en-US\SpiderSolitaire.exe.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\index.html.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\alt-rt.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\sRGB.pf.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\management\management.properties.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Printing.resources.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\epl-v10.html.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\flight_recorder.png.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\ja-JP\Minesweeper.exe.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\images\cursors\invalid32x32.gif.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Buenos_Aires.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zaporozhye.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\MANIFEST.MF.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-core-kit.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\ConvertSave.pot.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist.xml.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Vladivostok.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Audio-48.png.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-1.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\fr-FR\shvlzm.exe.mui.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_zh_CN.jar.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Caracas.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp	ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe

C:\Users\Admin\AppData\Local\Temp\ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe
"C:\Users\Admin\AppData\Local\Temp\ee3bd21b1fcc82c410da9270b56366f7ad52c688b0b7a92a9afbf8eb4d98d035.exe"
1⤵
- Drops file in Program Files directory
PID:2080

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
Filesize
68KB

MD5
5f1cae92dd7cfa3f2aed2f60fbe1a47b

SHA1
14864366905be35c9c1e19bcca827a2e5e30c56e

SHA256
c87346c7e78f2d8a1b0925a1ebdcc419aa03b217457462d870a1b3a98ad13795

SHA512
66576eb4daa599cdc14e213032fbe99beaa581c50a497ff40991caa7af1a6b79775410706efd4a4072e37b76d474c2c1046146e387e44b56ffa7a0c4256d337a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
77KB

MD5
4ce01bf60ba0a53f3bd3a65cea714027

SHA1
03249ea5d390df67596a5e73d7382252da3cda2f

SHA256
5f182ed54a9496b4cec12f88ccf0c9bb51ccf671e8805107a217ec7f3e49cb89

SHA512
bdbcf0378fd9695a7518ebe08f806fd01843ae4312e3a5b129173a95e6b4b6699174606ad6e794e207c94d08fb91d6648052be4ffcb4e54f11a4a2a520100030

Download Submit
memory/2080-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2080-294-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads