d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3

Analysis

max time kernel
149s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 03:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
Size

81KB
MD5

f7b95acfcda244e70346332ef079eeed
SHA1

40b7e4506606d62306496cbe0b1003a9db5c5467
SHA256

d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3
SHA512

d45d9eac92c9e9991ffe8290b1e6c459f177b6002e4e810bf7b25f67e064ae6874bf99cd5a4d175756cd3b8d8289a6c7eafa7204c24d2c328b005127d73c2b9b
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8jsfEiDtL:enaypQSoTEix

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5198) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4628-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000022912-2.dat	upx
behavioral2/files/0x0009000000022979-6.dat	upx
behavioral2/memory/4628-1912-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ReachFramework.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-100.png.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-180.png.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\libcurl64.dlla.manifest.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.fr-fr.xml.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-180.png.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\SalesReport.xltx.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ul-phn.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationProvider.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.DataSetExtensions.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\giflib.md.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxbgt.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GOTHIC.TTF.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.Lightweight.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsFormsIntegration.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\jcup.md.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ANTQUAI.TTF.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\personaspybridge.js.tmp	d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe

C:\Users\Admin\AppData\Local\Temp\d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe
"C:\Users\Admin\AppData\Local\Temp\d93d559125f5d30867c92b8ec096b89fd1df610c451a02684d538725cc0881c3.exe"
1⤵
- Drops file in Program Files directory
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
81KB

MD5
96449d6d355b4905f75d83324b540662

SHA1
a0d9caf6f1c887f1b59e328763e384d185a2ac5b

SHA256
209f56b751ec3d05863f26c448a9c213944f8519b3aeb79174952f45815a1bb8

SHA512
a48bde13a1ca5670c6e3ec62cdb36d3a9b81360bf91f8d17e5d5e4b92b5ec459eb599b428c0b50c49ceab442d6f7150b0fb92da3aa54a2f9d7efeca50d7b6c86

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
180KB

MD5
d8da83f756f645e5163a09db19c85807

SHA1
2baae55fcf1d2e2a5e8bce8f41fc148d0cd6afa5

SHA256
6f7b6904549c996035b625014339c0941c805af9a24d0b26268185dcd32cf63a

SHA512
466f7f9d74e5b0aab3118f39e6e6ca4a15410a193c820b28e34e67b4b87f9bbebe5f4fb02aab8d99ad2b0978f69bacef18b268c4902681f4222a951ad343322e

Download Submit
memory/4628-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4628-1912-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads