8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 23:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
Size

41KB
MD5

23df42d12e1041764b9ecdbd2d14e3ef
SHA1

5c4db08119b62d9b361c2952d8bd6880c81e5450
SHA256

8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b
SHA512

926171942ee13792d9f7977ac539f57f9f15bb776076e5a8f62bdf129e29312770f92559210e7a6b9b527b4f1e8038114b2f4c7c82b75deaf210ed47c8e67715
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAvL5:CTWn1++PJHJXA/OsIZfzc3/QuL5

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4815) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral2/memory/468-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral2/files/0x0007000000023305-2.dat	UPX
behavioral2/files/0x00080000000229db-6.dat	UPX
behavioral2/memory/468-906-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/468-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0007000000023305-2.dat	upx
behavioral2/files/0x00080000000229db-6.dat	upx
behavioral2/memory/468-906-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\jsound.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_PrepidBypass-ul-oob.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-pl.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationTypes.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription2-ul-oob.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-pl.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Controls.Ribbon.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\DATATRANSFORMERWRAPPER.DLL.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationFramework.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ms.pak.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Security.Cryptography.Pkcs.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngdatatype.md.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemCore.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XDocument.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ppd.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ul-phn.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.DriveInfo.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\WindowsBase.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-phn.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\WindowsBase.resources.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Formats.Asn1.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-ppd.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ul-oob.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-pl.xrm-ms.tmp	8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe

C:\Users\Admin\AppData\Local\Temp\8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe
"C:\Users\Admin\AppData\Local\Temp\8a4711d3285111fca73d0dc86d3feed1e8253c1f377d584385b1e123decc512b.exe"
1⤵
- Drops file in Program Files directory
PID:468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
41KB

MD5
b28f7f6d627a810c1b45f4fd0ae8a688

SHA1
798d7184d0c10fba97fa8417cdfae3104627f880

SHA256
6faf8647769ce01ddbbe0129db8f60a93276cad6c73d7e22cd942bae0a1eb124

SHA512
3c1c6576b6b9d8b31d3bc3f7c122aa91cf67233d84ae67318d8447d91af0d019591cb5cc999f512dbd90a05e9dce66383220aea0a457b7ffb546d1b500d1e42d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
c2cf305ef68a0ed6e412d100d5f37ca6

SHA1
026596652f833817b4ef9bc4ce75bf02e5e40a3f

SHA256
a411239af4b301932e4489452db17bed6cfd8f070e9083ed98b844ed7d7e6ec3

SHA512
82aaf6fa1fcb198ab67512375fc8fc346593335a2c8e99963beace94651b64b763dfb7ca4a1886f69f93be88962a0ac80791d55e5c19539329d0409f64791b06

Download Submit
memory/468-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/468-906-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download