ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 05:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
Size

46KB
MD5

8ff30e0e2eeb28932789ada57c96bab3
SHA1

364fc532ac06f389f1aebbee598373c0563da735
SHA256

ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44
SHA512

b47372b712be43d16c1995e09c26f101b1b97b1b48e24b1d1e8a13b6188ccfcbd7fc6120487e8329a9ad44396a080e974bc2c1d6c25a787748248c8a37ded371
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz+:CTWn1++PJHJXA/OsIZfzc3/Q8zx4

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3455) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2344-74-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2344-74-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\liberase_plugin.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Mail\it-IT\msoeres.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-ui.xml.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmplayer.exe.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\back_lrg.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\settings.html.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.console_5.5.0.165303\feature.properties.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\spu\librss_plugin.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\9.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Defender\de-DE\MpEvMsg.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Journal\it-IT\NBMapTIP.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861258748.profile.gz.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\uarrow.gif.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-uihandler.xml.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_wasapi_plugin.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\main.css.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-dialogs.xml.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_right.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_left.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Kaliningrad.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_rest.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\css\blafdoc.css.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.properties.src.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmagnify_plugin.dll.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Saipan.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Perth.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnssci.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\8.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Cairo.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\epl-v10.html.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh89.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp	ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe

C:\Users\Admin\AppData\Local\Temp\ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe
"C:\Users\Admin\AppData\Local\Temp\ffafc4c110ebb0a732919e7c328ebe208a700487d1d3ef229fda499c150bdc44.exe"
1⤵
- Drops file in Program Files directory
PID:2344

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2812790648-3157963462-487717889-1000\desktop.ini.tmp
Filesize
46KB

MD5
46dd9e2bd3269102ce84f0440e9c50bf

SHA1
3d387743847ece0d9285ee8e96931544716a86dd

SHA256
3826c66fe025a7f366f0802ab742cb973cefa3f8eaacbfeba03ea88b397cb742

SHA512
002a2434c3822077549d486ed5ba1c3c1345f0be3af78c41ceb99493f0bf86e56ec245c774bdb3c69ad42763427d53d5ed884224038f7b078a3402ad91534f6c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
55KB

MD5
14b8e3045600a321d4073bcee78625b0

SHA1
c6173a5e2395c4d03b27d44c9e720efce706a99a

SHA256
d324c4b16b178f6faacffbdee23e4e22ee80a458f8d2cb3362f7c551f592df14

SHA512
352a1c1c75505fd1c7a2042c2cada26734a0d91c1a30a069e7e8e0ccce1d9545ee563b2fbed210a8e07ceef133699432c9a5a665033e8045dba66f363588c4df

Download Submit
memory/2344-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2344-74-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads