f671db42d468316f84597075d83ef8b95715405aa4c91a97bcb735b7b4371806

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9453e491633ef0b4a9cdf17ed6865a11.exe
Size

1.3MB
MD5

9453e491633ef0b4a9cdf17ed6865a11
SHA1

a33e0238ecfcffced47a81340c6eafd79753e46e
SHA256

f671db42d468316f84597075d83ef8b95715405aa4c91a97bcb735b7b4371806
SHA512

cb02dd8f4e8b08bea5d80fdf0d8fb9adc5f191d2d2c840da9cd4cf44dbbaa47575b4b95ec19b660958dde9137495f4a1172064bde7d1f808bd00ba68490bc621
SSDEEP

12288:7AIuZAIuOylj05a55PJQHbuZ/kPlWzsiqL1SWb3bqnw6wNHy0N0/AnQ63zg2nzTI:Iw5Qyc+Aqw6KH+AQ6g2zTHqv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1762) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3168-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000a0000000233ea-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/3168-706-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationTypes.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PenImc_cor3.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Dynamic.Runtime.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Uri.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationProvider.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Xaml.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Extensions.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Input.Manipulations.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\coreclr.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsBase.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.CodeDom.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\D3DCompiler_47_cor3.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\ReachFramework.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationProvider.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationCore.resources.dll.tmp	9453e491633ef0b4a9cdf17ed6865a11.exe

C:\Users\Admin\AppData\Local\Temp\9453e491633ef0b4a9cdf17ed6865a11.exe
"C:\Users\Admin\AppData\Local\Temp\9453e491633ef0b4a9cdf17ed6865a11.exe"
1⤵
- Drops file in Program Files directory
PID:3168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
1.3MB

MD5
317659b32050d57eea3c3dd3c97d6a74

SHA1
1097d0b8e14a6c72ed4e42ba828d7073a218f811

SHA256
3505b3d026e86442fef9bff19eb4a86f519500999db6858e054d54b8810334c5

SHA512
cd966c014283c64e4675b19f61ae6246d837afcca45e61c10f0dad67d13ed0c392cb651220df6722ce297a4471dfc9f4398e2e8613a0ee6c8e1665b800958e33

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
1.4MB

MD5
9f3689f12fc323c2fc52145b2507df65

SHA1
8d687269020c5143628eae05c1f72aeb33015498

SHA256
25f8c451c4a7bb78025bc7c064ec0c127df7c8fb7cd7db3c016f17cfd1c16abf

SHA512
930fceb72294cec0c30723a41b9863d2ceeaaeb8da35a31b27eef8119fb361d222eca586f27477ebab4c4c2942094854aa071e7dc82796aa465664d4a4173146

Download Submit
memory/3168-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3168-706-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads