1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c

Analysis

max time kernel
153s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
Size

68KB
MD5

5b66fc912abe94167f4a53f8a7d37c93
SHA1

282c5d62080049fa9283f9add88823677a340377
SHA256

1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c
SHA512

f4e0d74be1e3a207c43d8c13963c1790aefb6ec0282d6c59b9081726511449b5747f865c78bfc53b8dbe18faef8cdfe7d2cc06ebd73fbc4403c9f5449504b9b9
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZISWh7SWh30Da0De:+nyi/SWh7SWhT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (611) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4656-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023258-2.dat	upx
behavioral2/files/0x000400000001d8b2-6.dat	upx
behavioral2/memory/4656-244-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-debug-l1-1-0.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-2-0.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Core.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-1.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Emit.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.Json.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\netstandard.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordaccore.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe

C:\Users\Admin\AppData\Local\Temp\1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe
"C:\Users\Admin\AppData\Local\Temp\1c46d2658670d42c6133f06b4bcdbb10a022dec79f756b1c9f169a695dc13a5c.exe"
1⤵
- Drops file in Program Files directory
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1268 --field-trial-handle=2280,i,4114443225282860369,4764091921472631035,262144 --variations-seed-version /prefetch:8
1⤵
PID:664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
68KB

MD5
ccb0f0713d77923c93270daac477c644

SHA1
3878d16358e62b7584faf1f32e1544939c69acc9

SHA256
061a1ea9edd858155985c4854dbe15a6927bcc3caa6e88c00872fa32e28255cb

SHA512
6295c54170d7c0ec264f25493dac1c3fe0a7688092e97398cb8785ee27855d27187ab1b642fede959a37fd70d3a35c08ce3e1a5a35eca403f46dbf00c9da2dc5

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
68KB

MD5
526f7f7cac46ed5ee39dd60b559a3122

SHA1
8164cb651f04ee1000440482a8d6e2560ce4c991

SHA256
04fe1357e6b4b049b06d3d3efdd1b5f6bf4c6a384438c357adb32e14fcc71454

SHA512
b83eaf9db8f7850293ecc76353dcb3b234b884f81cce810432100c22a50cd2854b50f4b8cae1dc8aa0e4b685d0b8d9a7a7828c4c4d2592f6e336f2f018d5c434

Download Submit
memory/4656-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4656-244-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads