93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f

General

Target

93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
Size

53KB
MD5

055f3848ae0b2e952fb07c428a156c2a
SHA1

faaa763defaa004752b85a47679b11ccce392266
SHA256

93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f
SHA512

b368e049f5e344079ad2f67953d6f35641a30325a224714a6203fc793dbb41bbf74b6fa688f6a997209046426335bafaee99b07c74cc3dd290b7c4bf942ed5d6
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8yiAJ1M6hJ1M6X:KQSo/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5199) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp	UPX
C:\Program Files\7-Zip\7-zip.dll.tmp	UPX
behavioral2/memory/1700-1116-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/1700-1116-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.AccessControl.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTrial-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-pl.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.runtimeconfig.json.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngom.md.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationCore.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHMAIN.DLL.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Configuration.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Dynamic.Runtime.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\ReachFramework.resources.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.resources.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\InitializeUpdate.pps.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\JitV.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\fr.pak.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-pl.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\de\msipc.dll.mui.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Http.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XmlSerializer.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationTypes.resources.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\ru.pak.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\splashscreen.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe

C:\Users\Admin\AppData\Local\Temp\93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe
"C:\Users\Admin\AppData\Local\Temp\93d100bf67256ba70a34578affe42679956857dd2f0cd6d7d9aefc7204260d4f.exe"
1⤵
- Drops file in Program Files directory
PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4124900551-4068476067-3491212533-1000\desktop.ini.tmp
Filesize
54KB

MD5
fe0c18aad2a68f9d3c55239003ca6038

SHA1
e9a9a27541c01a38ecca2dd9bf6321c9cbed0b52

SHA256
6925f64d3cf4977e79546bfdbd39fcc0dbeb9bde597eb4eaa0e8fe69ac7d03ca

SHA512
d36a62e68aa45f26bfa7009255a8a6d9f52bcdd93508a6227231ddb756aaf1a561f36b0798501e57cb507e5bbff913833021239fa5489d6edf00b63c1a7301e3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
152KB

MD5
8074e2930964fc9064ab8a899dd292da

SHA1
6827093ad699ad909bc19cad5e3bc961e3702466

SHA256
a6400a4b9163417ceca3b2bbe920454a0a1d46b15df4145b2c75a1ae85cff462

SHA512
ee2e249cc4037cdb44d38ef4df43a9d754cf4cdcfd922dd2f13f93d007530fe5e8572e3a8920a77362a4ac990032bbd6a3b78330a5da1d49c4cc632c83712526

Download Submit
memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1700-1116-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads