4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 21:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
Size

110KB
MD5

04bee44550aa144a6606ebc1ff8373ee
SHA1

e616ef93926813d28371cd5697625848fc4fd69f
SHA256

4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38
SHA512

459650fd7c0c57ca601c73df86648f5ed8829144f04fac089a9eebcbfec7a69312e47673bf64131e1ab5f400a539b9396fe12ac6d9168e639b10c3892c8caa28
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hf0xS:hfAIuZAIuYSMjoqtMHfhfn

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4830) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral2/memory/4316-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral2/files/0x0006000000023266-2.dat	UPX
behavioral2/files/0x0007000000022983-6.dat	UPX
behavioral2/memory/4316-924-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4316-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0006000000023266-2.dat	upx
behavioral2/files/0x0007000000022983-6.dat	upx
behavioral2/memory/4316-924-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.ILGeneration.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_OEM_Perp-ppd.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-oob.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Retail-ul-phn.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\UIAutomationClientSideProviders.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Xaml.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ppd.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ul-phn.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Document.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\it.pak.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-pl.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-pl.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\openssl64.dlla.manifest.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-phn.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART2.BDR.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\SmallLogoDev.png.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-stdio-l1-1-0.dll.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp	4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe

C:\Users\Admin\AppData\Local\Temp\4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe
"C:\Users\Admin\AppData\Local\Temp\4423f4950d3a8c8dedf5230233a26694e66b78bec5378dfc45c403730953de38.exe"
1⤵
- Drops file in Program Files directory
PID:4316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1162180587-977231257-2194346871-1000\desktop.ini.tmp

Filesize
111KB

MD5
003cab9bf10d8902ee0bc7fda913301e

SHA1
0da474b70b03b797afad0e930fbcad9038b66173

SHA256
1d95341088a7b2d4b92cd75a33d7982fc2b45afafca7e4dda776e1aac9c473f2

SHA512
ee81cee012ddaa245a6ded930bebdfe566ff62576a0587f60e563ad81f01519aa944270cb4009b11b1fc64420b717c2031abd14bd28023fe7c95e2754f7a8b5c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
209KB

MD5
2bb4f97048d82bcc15c24a04387984eb

SHA1
48ada265d437dbfb05e69258cd0854935517f158

SHA256
2f4771a9a1ce45411064ba4abe333daa09a7732a22d8d2e2e26304b885b178fb

SHA512
69ce9071f80db28ceb905ead3f253856ac99c2f01c861f4423c67e9645b60204a36247dc6e4db12acf8761cc56041d5bc2b235ba2962f08e14be896fdc20f460

Download Submit
memory/4316-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4316-924-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download