59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542

Analysis

max time kernel
150s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 21:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
Size

57KB
MD5

4c4cd5a541c966e0de96de31416e5d9a
SHA1

cbfe3848088b3e854f87488a6009cc0196c6f0ce
SHA256

59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542
SHA512

48596bb4f3b39515bb52855148e5c206b1a89c82dd2c0945c68a6405ba3ea271f01fd4ed85dcc17168b422a313af97b2c83121ec2bc10a5c4ec323df66eb12ee
SSDEEP

1536:V7Zf/FAxTWoJJZEmC2levgQxUYKOccToVl3:fny1tEmCvZUYKuToz3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4849) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/892-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000023252-2.dat	upx
behavioral2/files/0x0004000000022932-6.dat	upx
behavioral2/memory/892-1782-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsdt.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ul-phn.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\de.pak.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.policy.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Pipes.AccessControl.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ul-oob.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ppd.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatchingCommon.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\ReachFramework.resources.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.Linq.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ul-phn.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-time-l1-1-0.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\bcel.md.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jre-1.8\lib\flavormap.properties.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Trial-ppd.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Sybase.xsl.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-ul-oob.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.SqlServer.Types.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-180.png.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN092.XML.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial2-pl.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.runtimeconfig.json.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-140.png.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-180.png.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ca\msipc.dll.mui.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\Office.Runtime.js.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Design.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\default_apps\external_extensions.json.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSVCP140_APP.DLL.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Glow Edge.eftx.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ul-oob.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer2019_eula.txt.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\es.pak.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\SUCTION.WAV.tmp	59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe

C:\Users\Admin\AppData\Local\Temp\59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe
"C:\Users\Admin\AppData\Local\Temp\59311793d98716e4a5c14a1150c9d6f5b475f1ef1a4b5636cc0df04cc84b4542.exe"
1⤵
- Drops file in Program Files directory
PID:892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2753856825-3907105642-1818461144-1000\desktop.ini.tmp

Filesize
57KB

MD5
a0f86c4953a2942dd8cf6f503b0fee6b

SHA1
611e21814a70f5bc6b26e7919271ed7f6455a97e

SHA256
49807fd5a55cd7984866a40fdb041a888129c504a9836dc4dfdc2455bb812c1d

SHA512
6507ee253766a4bc029aa758ab405dd533a67952309d366178413e675a4eff25af10c0c1b20dd340dba30c6144570bf6500cd1a92e89196865ace854d0be9caf

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
156KB

MD5
6e2ec9bc271b6e3139d23323fa83b333

SHA1
efadca870d0114888a5bcfc4ad5cfd354db701c7

SHA256
a7393723b4aa44c6f881e97d4b8f1c17ec40b9d4f4723556709d05cbaa16c44c

SHA512
4e2a3553545a034358df846b5e767a18363c6ad8296bdadb8ecb28d17bccb7573944cf3a37126901b0b7b4d5899f7869b68be2ec89d88b92c7642fe22e268afe

Download Submit
memory/892-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/892-1782-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads