351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/07/2024, 03:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
Size

107KB
MD5

d8baf85b4ca562fa0734b5050a0801c0
SHA1

34e8d6d3f8e6450411a1dc943df0b30f508123a9
SHA256

351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5
SHA512

c069fb03cfd3f75634c8459aa0e672b42e494543be7a416a25aab16e42be1d4ad6d13537fda5914561de04d65043d4fde3a12f40c6b2c74b4f9f8f3ad93b649b
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZuEd4HZKMSs9w7WsLhEC7pGmRUf:KQSo7Z54HZKMx4dhECVGmW

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5149) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2720-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00090000000233fc-2.dat	upx
behavioral2/files/0x0009000000022975-6.dat	upx
behavioral2/memory/2720-1098-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMSB.TTF.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryResume.dotx.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\bin\orbd.exe.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-pl.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Interop.MSDASC.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sfodbc.did.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-pl.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-pl.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Smokey Glass.eftx.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Input.Manipulations.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-phn.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Controls.Ribbon.resources.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription3-ul-oob.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL027.XML.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN020.XML.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.White.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\PGOMESSAGES.XML.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\unpack.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.LEX.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-console-l1-1-0.dll.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe

C:\Users\Admin\AppData\Local\Temp\351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe
"C:\Users\Admin\AppData\Local\Temp\351903b6eb9c8b1213e368f133ab2c0e5065f7ef666a6ef6a2134b9bae5aded5.exe"
1⤵
- Drops file in Program Files directory
PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
107KB

MD5
8b0dda95d0cb7a5eecaa37232859a7e9

SHA1
4f1412a8ce227b0157ee718f13181abc5b5a1f1f

SHA256
721385b967a8792c7cabf3335fe20ea93c6a94486fbac5f1a11b88579ed5b9a7

SHA512
6a06b6275d1669429936b413c3941fe15eb5cd2ae30b74caea22df8d8a3fda1d0f8f87aec4f8ae10ab6d2b6df3a36e17ab9354eae8e4940a775d17c6354e902a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
206KB

MD5
3e90a78440ebe06cc61a43b2b3050cef

SHA1
65ee54cd8fed2610569b9a9942c05215c654b11e

SHA256
9379fbd25365f0f4b29ebc6d435df6e705c265ff7b0a9f128681766d13da49be

SHA512
04f6488ad86ac6c8a07a92a29d29ec1b38fe27640978653fea7c0044a152186eb6ddfc3f92f31f95dae992716a83946d380d02aa7d8b2c0377618f75e8e0bca8

Download Submit
memory/2720-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2720-1098-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads