f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
Size

59KB
MD5

749a0ccf968cedd9704e26c15004bfd6
SHA1

6236ab477c0a00d5f140bff16bed86136ceb1258
SHA256

f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378
SHA512

9bf150a023bb97d6c9b59985ecda6658a108abe6b620e8ce453933ac1a707a6e66bbd8072290aa3831772d290b37638f1b92e4c192bc0ac7129262735af23977
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZZ7n97nV:KQSo7ZFZV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3487) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2452-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2452-76-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2452-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2452-76-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_zh_4.4.0.v20140623020002.jar.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\highDpiImageSwap.js.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yakutsk.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\logo.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_zh_CN.jar.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Havana.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\settings.css.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\js\settings.js.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfps_plugin.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\System.ServiceModel.Resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Xml.Linq.Resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\ResumeRegister.mpa.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\45.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-waning-crescent_partly-cloudy.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jre7\bin\dtplugin\npdeployJava1.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Media Player\WMPMediaSharing.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_rest.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Havana.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\ReachFramework.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-convert-l1-1-0.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Maceio.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Microsoft Office\Office14\AUTHZAX.DLL.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\in_sidebar\bg_sidebar.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_snow.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler.nl_zh_4.4.0.v20140623020002.jar.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\release.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Montevideo.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_18_b81900_40x40.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspatialaudio_plugin.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\mailapi.jar.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jre7\bin\unpack.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor_1.0.300.v20131211-1531.jar.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe

C:\Users\Admin\AppData\Local\Temp\f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
"C:\Users\Admin\AppData\Local\Temp\f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe"
1⤵
- Drops file in Program Files directory
PID:2452

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
Filesize
59KB

MD5
002dfa6cd689e2ab588a19039f759228

SHA1
babc3544dffe3bb1b81ea9ec6b8f5668fcf625e9

SHA256
5f8ea76c0a32fa666d002dddc0b4a3da8e39375737710d3cd130d680a75d2c08

SHA512
da6a5650d725b8f3051906d2e5fa24dfe806e71b2a94368d076b98530042a2329eabe4a5bc137cfaf5e216526cd4c35b9bca84e081bbde740e31c02eb5169f74

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
68KB

MD5
5add559c361224609d567ca9d9bf0a76

SHA1
eeef9fdc5850423f61d5b82793e0725207b9be86

SHA256
3dfa1522a933f3bfa0e4bb91beb3ab9637ce1c64408ad9d4e07fbfab34ae8c4e

SHA512
52b09a39ee931b4db1663d4683c55492d914d97ee502ac7f928dfe62bf40adae8982349254bc10e17cb01c76f7265e1235f1c735bd137b33c4192b12b14e5124

Download Submit
memory/2452-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2452-76-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads