142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
Size

53KB
MD5

b41a8e5568372006d0e782150864b432
SHA1

8ad9deca972a08e33d3d54e44c06d5595ad9365c
SHA256

142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108
SHA512

73066d99482ad42fc5f49d43289cfa0b73f1d81e5176d96dca12025265ed4b36621aaa72463a06d7faf12a6e7093a7d425a175a90771d139c62894bb6fadc70d
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJjtf8WUtf8WZCqCDhC:V7Zf/FAxTWoJJ2WjWZCqCU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5193) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2996-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x00090000000232b1-2.dat	upx
behavioral2/files/0x001400000002298f-6.dat	upx
behavioral2/memory/2996-1964-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic-Palatino Linotype.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN081.XML.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\PresentationFramework.resources.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME.txt.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.resources.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Private.Xml.Linq.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-phn.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGI.TTF.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Gill Sans MT.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_OEM_Perp-ul-oob.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\mr.pak.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\MSYHBD.TTC.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\sbicudt58_64.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKPowerPoint.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL106.XML.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\rsod\excel.x-none.msi.16.x-none.tree.dat.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyResume.dotx.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsFormsIntegration.resources.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Java\jre-1.8\lib\logging.properties.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ppd.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp	142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe

C:\Users\Admin\AppData\Local\Temp\142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe
"C:\Users\Admin\AppData\Local\Temp\142da05f6dbcb3f428ffb760a262b77262c661f4566463f97b2ffaa298e08108.exe"
1⤵
- Drops file in Program Files directory
PID:2996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-587429654-1855694383-2268796072-1000\desktop.ini.tmp

Filesize
53KB

MD5
bcc0559d2d51b25366630eaccc97e22c

SHA1
5df810e088340d12fc1a66b077b5012edcdc48c8

SHA256
1ebb85622b0c84b9771e7759cc7049436ee45f87d390665aec8d0def8d5520cd

SHA512
d7120f796f4aa260cc7b2ed0ce1f79662d8194a2397b9d4291ae01bc2b8f37effafc8672527cfd3596150d092108e59fca4a0b7d8c605921f5cc4755a23597d5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
152KB

MD5
ec6039b4ceb7bf813822122e4a34c285

SHA1
058987b0b7d74ec40a7f7941a381c143812c056a

SHA256
855d428ce63777534bba725707f728f6ee287ac93e38667a86e9a47707aaac28

SHA512
88ceb0f91242951915171920faf7aa14cc80a5b794e26e712367a6acadb8aa9108c6217bfc7ac31efefa4d5ef5155c2fe7fd6995b434615b9754bc829e029c50

Download Submit
memory/2996-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2996-1964-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads