2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7

Analysis

max time kernel
150s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 02:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
Size

102KB
MD5

0272ecff9ed760d360fd36e41c6bbe20
SHA1

b65eec7bdc1f1de96d20307818305beb4bb4c4d3
SHA256

2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7
SHA512

62409fcbcba1ea28522c7c21c9db160b89de24298eca20d6cee41617f66575d1c44e49447d5e4367ee09c580763511156b9711ed597753859a5d7fdc36362931
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxtjm8sYW5WI:fnyiQSoojmHYW5WI

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5025) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1508-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023270-2.dat	upx
behavioral2/files/0x001d00000002292b-6.dat	upx
behavioral2/memory/1508-1784-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_Trial-pl.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.JavaScript.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jre-1.8\bin\w2k_lsa_auth.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-ul-phn.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial1-ul-oob.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2String.XSL.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\mojo_core.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ul-oob.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYM.TTF.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL104.XML.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.White.png.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.wordmui.msi.16.en-us.xml.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-2-0.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Input.Manipulations.resources.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-pl.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ppd.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN110.XML.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Memory.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Grace-ppd.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Xaml.resources.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\ExitAssert.vdx.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-ppd.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_Subscription-pl.xrm-ms.tmp	2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe

C:\Users\Admin\AppData\Local\Temp\2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe
"C:\Users\Admin\AppData\Local\Temp\2dd2e8dc7adcd12dbfceb82f70c5643568ba08c635ecd65cbd8167ca8ecb98a7.exe"
1⤵
- Drops file in Program Files directory
PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
102KB

MD5
33881d1dcb9bbe2d43c06344d2b4f0a5

SHA1
b36eb06c5548399714d52a0d9086b8e8c64de375

SHA256
79a9d09623e70087f1f59a66f6ec58fd965ffbe218d649739c9846bdcf7108a7

SHA512
cc02ed52fb1de3b0a29d5616a57d0f298f4aa6f8cecdd95e312a2a3a0eab242f89c7442e9acdf22e903fadb1c61cde593862fd74ba1bddb52352ac7bd0cc22b1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
201KB

MD5
0cdaed4b71d96bde214f143be1e985b4

SHA1
d6ec5cb76e1360cd93a11abc6487be10e8ff78f8

SHA256
7e5cab3c6753c5e813a1ebfe680113887a9a3a900f6728b06b55b2d3349ebb54

SHA512
a1beb06606df209a0ce3453f7a7fe7f9d91799dcc6b35c57e506358fa7edd20de5fb83f607ba8f96a367b3d23fde635958184acd9245671ecedfd582d5708ffa

Download Submit
memory/1508-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1508-1784-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads