3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
Size

241KB
MD5

9d6304e9d6e12b2e74f3e744ffd3c350
SHA1

87ad73482c27fd6e3ebc39f5bbe1f3be0b915860
SHA256

3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e
SHA512

01f111a3e57c580d9a47da7e461c44dd9bf4b869b8ff9ca843c267c9ddc814d38b26f82ec7a9b1f88ddae80491535d213b3003faa5e9babbf00de54a2cab1dc9
SSDEEP

3072:fnyiQSo7Z54HZKMx4dhECVTQSo7Z54HZKMx4dhECVH:KiQSoz4HUK4dh5TQSoz4HUK4dh5H

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4682) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1508-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000d00000002342e-2.dat	upx
behavioral2/files/0x0008000000023437-6.dat	upx
behavioral2/memory/1508-1642-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationProvider.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Input.Manipulations.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.VisualBasic.Forms.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-oob.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\LICENSE.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\ReachFramework.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\HAMMER.WAV.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-80.png.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-pl.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mce.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Intrinsics.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Http.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationFramework.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfr.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkDrop32x32.gif.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.DocumentServices.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f4\FA000000005.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Numerics.Vectors.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pkeyconfig-office.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.tmp	3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe

C:\Users\Admin\AppData\Local\Temp\3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe
"C:\Users\Admin\AppData\Local\Temp\3c07efcd6472668b62d9c77d18daf9a2c540a1357550302bd2f6c7f2f294f06e.exe"
1⤵
- Drops file in Program Files directory
PID:1508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
241KB

MD5
91f39a1ea52fcc2069c70e2a7169568d

SHA1
c2f86a82b2698076bb98a73b47e251ef7e7aa310

SHA256
ffa5048a054a80735b7cf5b57082faecdf7b0d5a04ca92f43184ec8cb2bed585

SHA512
1fce4f6adeb9c59bf7d5d75f431700047cd2a7dc9f4cd8a76afb59ace920f271538765cee154f4b0150ad065d3f5066d473abd95048b7f0b6bb0f9be4219010e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
340KB

MD5
ce5892411d478e184d9df2eca7da7ef1

SHA1
aa37bfb0523d7462745fa63175fa92d9474c1571

SHA256
f35e31ce5b949a6f4c9e89f37921810d12c3e504c7637b0ce1bf5506bc771e36

SHA512
ca4339780e358822500f72a740e90bc11961192128e278406d12b088e90d9aefd31343f481e34602b792494cb70018c3e97904848fbdab3c627e62fae80b636e

Download Submit
memory/1508-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1508-1642-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads