Malware Analysis Report

2024-07-28 16:26

Sample ID 240613-24x2zsybjm
Target 57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f
SHA256 57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f
Tags upx ransomware
Score 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 10/10

SHA256

57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f

Threat Level: Known bad

The file 57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3738) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5248) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 23:08

Signatures

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 23:08

Reported

2024-06-13 23:11

Platform

win7-20240419-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe"

Signatures

Renames multiple (3738) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\mai\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Media Player\es-ES\wmlaunch.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\css\clock.css.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDFFile_8.ico.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\CGMIMP32.FNT.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-util-enumerations.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-heapdump.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh87.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\Help\HxRuntime.HxS.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\7-Zip\Lang\va.txt.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-attach_zh_CN.jar.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ta.txt.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Halifax.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\PNG32.FLT.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hong_Kong.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.update\platform.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine_2.3.0.v20140506-1720.jar.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\bin\server\Xusage.txt.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\requests\playlist_jstree.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Media Player\fr-FR\setup_wm.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\11.png.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\bin\fxplugins.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\37.png.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\playlist\newgrounds.luac.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\ja-JP\sbdrop.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\gadget.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\es-ES\currency.html.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_over.png.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\bin\sunmscapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Asia\Thimphu.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Games\FreeCell\fr-FR\FreeCell.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_glass_65_ffffff_1x400.png.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe

"C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe"

Network

N/A

Files

memory/2188-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp

MD5 cef73893e9425306fd43ac3635c4e1d1
SHA1 f6d2bcd1fad6cabcfb539257da45938aeb2a17ef
SHA256 cad864be4ef29a19fe3421259b0f4948a7ba2f4fe49f214d2ac60e1eab886186
SHA512 b9999ab1289259251e60bec3fde2d9122fa682328ab3578bbe022320af88485900b5296699139911c4ae57bb4f5cc611b6570229bce1b39d217eca908c51d9c3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 933047570bc3d6c0f0ed21add7a31b7b
SHA1 3e61971e48acffd5e76d23537cae04d6fcbc7e12
SHA256 71057f425fcef97196c242d797e6969d2b154355b5250702f7fef8ad3de998a6
SHA512 f41646f604bdbf337a793fdb6e7f589a0c110107f022dd04e93bb807284fcbf389c994dad03426aca9bf0e34b591785a49c5b9279b593b83bbbb851b21a04d07

memory/2188-660-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 23:08

Reported

2024-06-13 23:11

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

52s

Command Line

"C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe"

Signatures

Renames multiple (5248) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

UPX packed file

upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Integration\C2RManifest.osmmui.msi.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\strings.resjson.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\ReachFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.reportviewer.winforms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Web.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.WINWORD.16.1033.hxn.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebProxy.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft Help\MS.SETLANG.16.1033.hxn.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\IEContentService.exe.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.TextWriterTraceListener.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Templates\1033\BillingStatement.xltx.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemCore.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.JavaScript.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\javafx\webkit.md.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-xstate-l2-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe

"C:\Users\Admin\AppData\Local\Temp\57e31b79e4f9f88ea84f6bb8862a9576f346dcd302218267b8be99da4d90c40f.exe"

Network

Files

memory/2380-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

MD5 b6659f20ce1cdbb822f2e48cbc3db38d
SHA1 d9f9bfd4f61465dc77cd11a9c78c62922cfecca2
SHA256 56e76d0c722343247ff8e73bff2e6edfb9f1ec61d715bfade5d801399657b148
SHA512 65cc7e8c9fab7818e3211d9d48aeb52a13c05723686bc056eaf5eacd3da660e015c54f6b2866f9f05f2075dd718664b57348ba3e5e5f5ad10ef205a99e5aa30b

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 21418ad5754fb7db026b8aa57f6bd72f
SHA1 7a160e1051617e53a6689b26783fc5586ca3f1b1
SHA256 972e39f7c1c1fb65961ca1185c2e5535e381bf27f27fd5dd64c59a429656d716
SHA512 f62635d75fa455aeb14029be8d94727621b7fd1f17b196daaf3f0b140a555a1a67c90d23bc0eccddb65146abab746601413f70a978afdbbdc426bf70c6a123e7

memory/2380-1960-0x0000000000400000-0x000000000040B000-memory.dmp