f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 05:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
Size

55KB
MD5

24e4057bb70a1a5c32777e549feaad79
SHA1

6c1d154935d075ce387d0240c8b1ba6f27e7bbdd
SHA256

f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6
SHA512

175c578feac2ae34ec4cf202278941ef77d4864b5c72fe15cd218025bd4cb6525d6eb24d6a2e0d6268242958184ab12ae071e398d4979d7858f2546b27119ed1
SSDEEP

768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFZFsFE:67Zf/FAxTWY1++PJHJXA/OsIZ3FsFE

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5034) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral2/memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
behavioral2/files/0x0006000000023278-2.dat	UPX
behavioral2/files/0x0009000000022975-6.dat	UPX
behavioral2/memory/2332-1808-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023278-2.dat	upx
behavioral2/files/0x0009000000022975-6.dat	upx
behavioral2/memory/2332-1808-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\lib\management\management.properties.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-runtime-l1-1-0.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ppd.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-140.png.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Spatial.NetFX35.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Queryable.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\freebxml.md.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Channels.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationTypes.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.XLHost.Modeler.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CASHREG.WAV.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processthreads-l1-1-0.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\et.pak.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngdatatype.md.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSYUBIN7.DLL.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Pipes.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationFramework.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jre-1.8\bin\resource.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\ReachFramework.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-ul-oob.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.ReportDesign.Common.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\cpprestsdk.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-ul-phn.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\TURABIAN.XSL.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\zlibwapi.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Tracing.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationCore.resources.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\index.win32.bundle.map.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dynalink.md.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe

C:\Users\Admin\AppData\Local\Temp\f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe
"C:\Users\Admin\AppData\Local\Temp\f15b59662cd9c7d5878dd73eac011c3bdd8fcd7cb5aff4ade0dc5b49557f09c6.exe"
1⤵
- Drops file in Program Files directory
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
55KB

MD5
c719780090076464906bf7aa26d1c366

SHA1
c1f7d4fd8f72948b183ccdaf64f983645e2673bd

SHA256
f0d4f094c90a3dcc0a3b1bf925115d38abc166ae9aad7f2ffcf70968cdd5e676

SHA512
6189f1c076c9f6981f65a6a08b82a945b5dc3cb5ece017d20ef2737fa31b769f5bdf03cbdbae0e43df80ddd86a190914a27fcff22d7912b48e4d943f8dbbadab

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
154KB

MD5
9048ebdd10083b32837c8df72968ff76

SHA1
8d666649df955f324e6f5845adf8e2ae2f8391d0

SHA256
35fb363a20d8b8a18ce632319163bd5d4ca8a25481d6310d30e29240b090f8b1

SHA512
e6d64349cffd5cfa0ad6434ef05b0f50ab16b49a040e4d44de50b01f3ee568d58a03e678d81f322870766f48ceaad0e997353cb63035304b30d93e8bda30d681

Download Submit
memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2332-1808-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download