4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e

Analysis

max time kernel
134s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
Size

79KB
MD5

46b6aa8f2666d26f707b53da033554d3
SHA1

d0f88944557a7a0444e7b01e6507bce6ab6d5e59
SHA256

4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e
SHA512

60e8d555e13c431f71468c2a61c58b079db9f6f37e2a44503bb3e6435193934b8f0bed3c6853df5edd6ae17b770a0dda38267a3dcb93d4edbdc1fc854a9dc6d8
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxFy5gfcL5y5gfcLcwd:fnyiQSoXqeaqeh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1300-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/memory/1300-1-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023271-3.dat	upx
behavioral2/files/0x000400000001d8b2-7.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.da-dk.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml.tmp	4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe

C:\Users\Admin\AppData\Local\Temp\4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe
"C:\Users\Admin\AppData\Local\Temp\4254e55887e664203d73c1bc54b008331543764e30e8210033fc5f957bfa094e.exe"
1⤵
- Drops file in Program Files directory
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4020 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
1⤵
PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
80KB

MD5
ce6c5fca02c447f04bf6583074390253

SHA1
a2550db2dfbc6af8444ba30988318197e078f220

SHA256
22e7decb8fd43f9cd2caa4cfb21dff523442f4e49a42c741cb3a83c27569f618

SHA512
51bf630d2ee3d64c9d575c6f1501a20e2f196b3a8f856d8dcbf7ef785d6b017abcf58b38b77838a65caf74fc9037a1047f9e6b432e81397cfbd5043677f10903

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
79KB

MD5
0080e1adb1a28885fa5f41ec757a65d4

SHA1
37439f9702a99f81419415eb5302620396763930

SHA256
4ee586e6ff5a0799b8b37406b7185054936346d4ed491dc06afcc9e31e3fc44b

SHA512
3792486ac8b5843122b7bbbd33e8048e974d1fda28472fbc6d70d1c0485256f96eb920d45f5e673a4273dc70a826851bf55170c0ba394e57ebea558f57b8ad1f

Download Submit
memory/1300-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1300-1-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads