b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647

Analysis

max time kernel
149s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
Size

40KB
MD5

9133c45c4dc2bc40a8721d6ea5384ea6
SHA1

3d1466aa0edb7880d16b171f8ac10f3b416a69b3
SHA256

b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647
SHA512

add4d293f4de44dbe0d260bed36e3d7c35b3e00ec6650709460acc9215ae8f3900314b4cdfbabf2eba2ef10920418675ecd2982a2767e81f754162d9181402c1
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFc:CTWn1++PJHJXA/OsIZfzc3/Q8c

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5186) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

resource	yara_rule
behavioral2/memory/1068-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral2/files/0x0007000000023288-2.dat	UPX
behavioral2/files/0x0007000000022959-6.dat	UPX
behavioral2/memory/1068-1212-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1068-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x0007000000023288-2.dat	upx
behavioral2/files/0x0007000000022959-6.dat	upx
behavioral2/memory/1068-1212-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-oob.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnPPT.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\WindowsFormsIntegration.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ppd.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL107.XML.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\msjet.xsl.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc_sb64.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.Linq.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\ReachFramework.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-pl.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ppd.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7cm_fr.dub.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSUIGHUB.TTF.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\msquic.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jre-1.8\lib\javaws.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemuiset.msi.16.en-us.xml.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ppd.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellLayoutModel.bin.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-phn.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel-udf-host.win32.bundle.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Delete.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_logo.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClient.resources.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-pl.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription1-ul-oob.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.dll.tmp	b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe

C:\Users\Admin\AppData\Local\Temp\b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe
"C:\Users\Admin\AppData\Local\Temp\b707ed5bf6d65f96d2ddee3ed9120894819b053e0d77c01acf65b9df31e6a647.exe"
1⤵
- Drops file in Program Files directory
PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3906287020-2915474608-1755617787-1000\desktop.ini.tmp

Filesize
40KB

MD5
6d9e8c44225723e123700ad60884e532

SHA1
1f5e33fb7959b8f3e2325d8fe9e1228276453751

SHA256
009cc510b72f5cdbb2cbdedfcdb8f22edaa6ce9998ede9969455c5b434da0166

SHA512
0a5a94aa64c6d84961d4831270a0f82a701600e1592da372387d693a598d059acc4d862343d9887a692995a0a19415339eb4515271507b4ce76faa7a1d3752e5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
4f8aa407314d51d8307a0d726164bcc3

SHA1
f248ef4e2c865310b2d32bf978afc86042d11f83

SHA256
bd8d664b4b9f232525cfafa4a9e262cc6f168777c7c53c55f720d269997fd098

SHA512
626038b4f585c2b93f71767d287b19c1ec5e696d863c8c7f0a51d9e047bd294ee5be2a1854a0f5a7dbe980625a1881dad510410e1eee9a0be6186d810bbf014a

Download Submit
memory/1068-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1068-1212-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download