7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881

General

Target

7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
Size

137KB
MD5

239e3d94003a81408cc7a9b682439604
SHA1

232b68f12ad0482350d1b9e08f613e22568e1f5c
SHA256

7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881
SHA512

964ecf78a76525ea5ebbbe8039d286d6d8215783aa298d6e16732ecd3c7432a4ddd43c2da26345c134245537f0bf1cfc9144ead6b7e10ed1c01bbe996f7faae6
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSM:enaym3AIuZAIuYSMjoqtMHfhfK

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (870) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2356-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp	UPX
C:\libsmartscreen.dll.tmp	UPX
behavioral2/memory/2356-250-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2356-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp	upx
C:\libsmartscreen.dll.tmp	upx
behavioral2/memory/2356-250-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe

description	ioc	process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.TypeExtensions.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-profile-l1-1-0.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-environment-l1-1-0.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Text.Encodings.Web.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Private.Xml.Linq.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationTypes.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\ReachFramework.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.Win32.SystemEvents.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\UIAutomationClientSideProviders.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\WindowsFormsIntegration.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Serialization.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.XmlSerializer.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.DataAnnotations.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\UIAutomationClientSideProviders.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Thread.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.0\hostfxr.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Forms.Design.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Extensions.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Specialized.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Encoding.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationClientSideProviders.resources.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.X509Certificates.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Primitives.dll.tmp	7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe

C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe
"C:\Users\Admin\AppData\Local\Temp\7515ad4c424843b37987138e66ac9eaef94197aaab289daf111c1c61ddc5d881.exe"
1⤵
- Drops file in Program Files directory
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=3088,i,14310325015283915034,7660943942870463106,262144 --variations-seed-version /prefetch:8
1⤵
PID:1376

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
138KB

MD5
e92a60dc5f6b51d86216b9e7f19502f2

SHA1
b4f669c510d3a4861e9fcc645e0dae179a8d84c3

SHA256
78a5a7235cf9a5cd5e92e489dbd4dca8c3e3b06345dfd50a54470cd0c8300989

SHA512
6c5037deb24e96726270c123c20840bd43735cedc9ff36a34dfc7e05e42e859ce2bf32620addedf43b8ce2389cdace4cf1740a3baa0d3b4c7c0dd102c8c32c0a

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
137KB

MD5
3cd50fdfce4696a4446b71e7f8f20095

SHA1
aad2b330dc9fbb6692788d6bd3d78631d6aa81fc

SHA256
4134c7b9c695bd232de3b53549917c109b9a4733b62a894d4522a20c74c48904

SHA512
e04f014d33ac98d4f6381a5f795d23fdb24a8930bfff60948f17b6a590e5c0978d0ca586f4ac5c8f46c0d7bbd3f25a9e269ce8fb631f54605019756e285d95f5

Download Submit
memory/2356-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2356-250-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads