2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d

Analysis

max time kernel
150s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
Size

41KB
MD5

4e36679c91fe7fc78c8146af12af4ee0
SHA1

80afb052e1cc93c2361846364555a795786661b4
SHA256

2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d
SHA512

e4588975732c17e634e3969a553ccf21363eb0a79c0e8ac02fa3bd4f231eef3bcc50e96d46b8bec727b11ea15ac97f355dbc1a534dfb845119b2e11fe84b87b6
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WGoj9COieQJfoj9COieQJ0:V7Zf/FAxTWoJJ2WjWpf1fb

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5031) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/660-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000400000002292e-6.dat	upx
behavioral2/files/0x000c000000023405-2.dat	upx
behavioral2/memory/660-1790-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Primitives.resources.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\ReachFramework.resources.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-oob.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.VisualC.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-processthreads-l1-1-1.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-bridge-office.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\casual.dotx.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelCombinedFloatieModel.bin.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Xaml.resources.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Internet Explorer\fr-FR\iexplore.exe.mui.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-white_scale-80.png.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jce.jar.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jre-1.8\LICENSE.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.Wizard.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-180.png.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\InstallerMainShell.tlb.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuuc53_64.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN107.XML.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_COL.HXT.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\CancelGlyph.16.GrayF.png.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\UIAutomationProvider.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Primitives.resources.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN002.XML.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN011.XML.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7EN.LEX.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Buffers.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\id.pak.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Presentation.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Grace-ul-oob.xrm-ms.tmp	2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe

C:\Users\Admin\AppData\Local\Temp\2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe
"C:\Users\Admin\AppData\Local\Temp\2239c540af7081328a793229c5e9a8db522e4ae93e05a17cfbe80a8a565ca72d.exe"
1⤵
- Drops file in Program Files directory
PID:660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-771719357-2485960699-3367710044-1000\desktop.ini.tmp

Filesize
41KB

MD5
06b2961ec515b18b5d73cd526e63ff95

SHA1
fbe3bd43de5a603bed04dfca28b84e894145b47c

SHA256
0276721c07e93ce39b150f604f83a37ca32d774abcec6145ccce202f2c111632

SHA512
9b89c8f1789a87003928540735515345ce37074a23cdee927549cc151d85b6caaf75574b6450325bb7b191c0141c49c6b18da121868f7800c171fcaaebb875e2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
140KB

MD5
56621136b63c0a5c8c88354bd75cfa70

SHA1
3ec1ced0a21285bbcbcf7ffcf3f4fd927e9ff3ac

SHA256
1fe855f716ac3ca93e4808a5529182989858ec68790a401b9234cd6e042e63b9

SHA512
6435f4f02b61d88b1fc10b55c96e64b386015e4639ae668e0d66efdcdf0cfd224e3390eb6269314c1385ceb8e8bfce5a52dc267182db9624054b406cf674de25

Download Submit
memory/660-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/660-1790-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads