3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285

Analysis

max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05/07/2024, 20:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
Size

108KB
MD5

9ab2e49691bbad8a6ffaee98ee4fb57d
SHA1

2b6e60aaef809b2c9bbfa751b8ad5e00c7217e76
SHA256

3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285
SHA512

ba58ea790e1593c4b7635aeab5e75552f4719bf05a30fa893642b651b45fd62d05372bc1acba1001d1ac2542c6d9ba75398cb8327759d4cc5c4273fb9d5df264
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsxe+eX7n97nPll7n97n0G6UkL:fnyiQSohsUsxe+erZLZ0G67

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5012) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/400-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023495-2.dat	upx
behavioral2/files/0x0004000000022949-6.dat	upx
behavioral2/memory/400-1782-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\el.pak.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_CN.properties.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Design.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\UIAutomationProvider.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.DiaSymReader.Native.amd64.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.Native.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentlogon.xml.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GKWord.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\resource.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ppd.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Extensions.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ppd.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.EditorRibbon.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsound.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-moreimages.png.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-oob.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.ServicePoint.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\lib\calendars.properties.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fr\msipc.dll.mui.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Input.Manipulations.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-ul-phn.xrm-ms.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN022.XML.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Formats.Tar.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.dll.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-100.png.tmp	3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe

C:\Users\Admin\AppData\Local\Temp\3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe
"C:\Users\Admin\AppData\Local\Temp\3c2a3fe4d43bc0f6ceb595a424baab4c41a9101a6833eb6dbdce87590cbfa285.exe"
1⤵
- Drops file in Program Files directory
PID:400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
109KB

MD5
4549f8a977be8249882604ad9fad4932

SHA1
4f13669c4d4db6beb8d2dc5acc8f0c1561447a0a

SHA256
a4837c26b1756803f8bd64697c16343e3f74f144a990444416a82109a55e0eb7

SHA512
2a8aa791807b8767a962b1730b739d440edd825d31fbedf8a1704fb0ca764e390c2cb31e355358bb7ee28e46e51f05928df805bf9f4dd614c38feea052411aa0

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
207KB

MD5
1fd8626276af7facaf1d25419640b16b

SHA1
803d3fb3ad68dffd2d686d5f1fb6058755e8eb35

SHA256
8f0bfec95ad2b5e8672122f1019198f5b97e25d0ec51eb44e60dcaea2dd4b735

SHA512
4a8c182d84470c045701052a171aecf07af960152aaa20bd4efc7b494443025d373fadbeb29a541cbb0f07bcd49a718467905e47e551b852519b55987c0592a4

Download Submit
memory/400-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/400-1782-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads