7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 23:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
Size

94KB
MD5

f23cc3e83dda38ca7c1b2b18bb78d80b
SHA1

695791cd4fef261b700f6828a93fb9c76efe3bbe
SHA256

7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f
SHA512

6640e45006023d174525cd1de4de38ca6c0bfb110c69443e77e7574b1b64f55d80be94118cbdbd15ed8ae57a841fd94bb040b890e2027df3728c641df4c07ed7
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZuEd4HZKMSs9w7WsLhEC7p9:KQSo7Z54HZKMx4dhECV9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4828) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x000500000002326f-2.dat	upx
behavioral2/files/0x00090000000233c0-6.dat	upx
behavioral2/memory/4600-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/4600-1046-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClient.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Trial-pl.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OMML2MML.XSL.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ppd.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Java\jre-1.8\bin\wsdetect.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Grace-ppd.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-140.png.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.NonGeneric.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Presentation.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-140.png.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.AccessControl.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Java\jdk-1.8\lib\dt.jar.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\STSLIST.CHM.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.SecureString.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSSRINTL.DLL.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Controls.Ribbon.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-ul-oob.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-debug-l1-1-0.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationTypes.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-BR.pak.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.Dialog.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationFramework.resources.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_es.dub.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ppd.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-locale-l1-1-0.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OARTODF.DLL.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\SQLENGINEMESSAGES.XML.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ul-oob.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-100.png.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe

C:\Users\Admin\AppData\Local\Temp\7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe
"C:\Users\Admin\AppData\Local\Temp\7ebcd657ce2fa60a52a522e00bf1be0175644f4e83f223a7545320d6041ef27f.exe"
1⤵
- Drops file in Program Files directory
PID:4600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini.tmp

Filesize
94KB

MD5
1812b8d827d455d9d1a0b8902b275826

SHA1
17f99084c000b8f96e7c8ade3ba56034e389593c

SHA256
802af31ad4f232a2a7b9b04b01d116753136c0ba6e2993344f2295130af07011

SHA512
b8922a686a8224ad00571e60e87a8f815b592baae72f5a4d80d1af76ef205d1b75b72f7931e200befcf557d36b2eec559419949a734e4f4f1f773cdb66b7dd0c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
193KB

MD5
911b015b0de1631cca436111ba8b9e4e

SHA1
bd4631034e547e8a62d3c054d1a3c60b05259b25

SHA256
80192db9dc4d1f0e5e3729a2d6bc30324976da6834c210cbfcd2d88fc2fa89b0

SHA512
88ddad726d4fe4aba087601b8de527b56d8794f7fe67e3daab4c4b00f95ea4eb4d5af35e6d18fae2cd16d5692c02382dc5e950a01baa2190d33b0ecfb5310f24

Download Submit
memory/4600-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4600-1046-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads