76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
Size

75KB
MD5

409ef27469b1ee925f30485c733d1373
SHA1

b7df356449d1377790ee23917082037dd9aae735
SHA256

76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06
SHA512

395ae9c3fc231191f2d47b1af3c512d85742febe3cc7901c1591797a5f88ea053ec2a1eb3ff9370e710c19cea46f418cdd92d8fee1fcaf5912409810b5ac2ac1
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxFS:fnyiQSod

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5049) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4964-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023248-2.dat	upx
behavioral2/files/0x0014000000022933-6.dat	upx
behavioral2/memory/4964-1792-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\MYSL.ICO.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Tools.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ppd.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationUI.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-phn.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-black_scale-180.png.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationClient.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-pl.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-pl.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicsimple.dotx.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Primitives.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\en-US.pak.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\UIAutomationTypes.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL011.XML.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Primitives.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-file-l1-2-0.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL001.XML.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\te.pak.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_OEM_Perp-pl.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-libraryloader-l1-1-0.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationClientSideProviders.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\dnsns.jar.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\DRUMROLL.WAV.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Median.xml.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\WindowsFormsIntegration.resources.dll.tmp	76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe

C:\Users\Admin\AppData\Local\Temp\76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe
"C:\Users\Admin\AppData\Local\Temp\76fa2bd081293de1ed92c10fb6dfccbb3023dc960aaecf5eb65fddeae85fff06.exe"
1⤵
- Drops file in Program Files directory
PID:4964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3642458265-1901903390-453309326-1000\desktop.ini.tmp

Filesize
75KB

MD5
c733fdc4064ffb9abc04dca494d148ff

SHA1
ea14fdc900fc049ca98911f42278af48b33922dc

SHA256
86583531085c6d507c3b989cfb80235f7a4bac05d1316ae99a81ac5d0afec826

SHA512
594d3e511bc67b587ab117b0f6f870d14132dc541080cfa576259cdcdfd7e4bcb1cd5bec0621ee4d1aadf594bb05ca37c38bd1538942a2e0af2d581ddd3d2b1e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
174KB

MD5
2bff94bc1497e896326ef393ee39ee9d

SHA1
8952d0ad0b0f6f773db133e64630f74810359793

SHA256
829c7b4325a8a22fc09569e0a84e571edc94be0c98a88a935f57608a47ca9164

SHA512
54ad6cb4bbca194a62bb75a80ceacdb8a8afb52266fa01400c80d2e52e9ae5a89e9815bfce198d4f27b231762e32377aa4d08c89b9c2fc38afd9153d4f9b57bb

Download Submit
memory/4964-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4964-1792-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads