d1331d313e50010efe24abc2605f9800a71ea0f404d69ee617ddf72ae3248776

Analysis

max time kernel
149s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2024 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e605d66736123a09657d7fd87a55df0.exe
Size

52KB
MD5

2e605d66736123a09657d7fd87a55df0
SHA1

7e7197f291efd6d000adbc875e5d57ef81012c7f
SHA256

d1331d313e50010efe24abc2605f9800a71ea0f404d69ee617ddf72ae3248776
SHA512

f5a3ccfebd395cefbd2a91ac568ef4ded0cbb7a9ee1546f59f996add7f18ff41e5acbecd78857ad6028bfc9198ea6fc6d96391538cf50e20d1b635ec9dc36b68
SSDEEP

768:a7BlpyqaFAK65euBT37CPKKDm7EJJBZBZaOAOIBRBT37CPKKdJJBZBZaOAOIBR:a7ZyqaFAxTWbJJB7LDKTW7JJB7LDU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4833) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3960-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0006000000022f55-2.dat	upx
behavioral2/files/0x000400000002297e-6.dat	upx
behavioral2/memory/3960-1738-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnWD.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.V7.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\IGX.DLL.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ppd.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Configuration.ConfigurationManager.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_expiration_terms_dict.txt.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Violet II.xml.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_fr.properties.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jre-1.8\bin\hprof.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_Retail-pl.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Json.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XmlSerializer.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clretwrc.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages.properties.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Encoding.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\nacl_irt_x86_64.nexe.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-ul-phn.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-pl.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.CodePages.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLINTL32.DLL.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\System.Windows.Forms.Design.resources.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-pl.xrm-ms.tmp	2e605d66736123a09657d7fd87a55df0.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.OpenSsl.dll.tmp	2e605d66736123a09657d7fd87a55df0.exe

C:\Users\Admin\AppData\Local\Temp\2e605d66736123a09657d7fd87a55df0.exe
"C:\Users\Admin\AppData\Local\Temp\2e605d66736123a09657d7fd87a55df0.exe"
1⤵
- Drops file in Program Files directory
PID:3960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2547232018-1419253926-3356748848-1000\desktop.ini.tmp

Filesize
52KB

MD5
f460b46712e3aa654653300f15790818

SHA1
e8184f77ad8c2bdedb9261bdb9632bce7a12ed33

SHA256
20c3b32c058db26bc8c5d84242073eb6a19ce3b452ee66cae9e6caee52c9600d

SHA512
cda37c777088f8bcab391a38d0bd3e36993fdb6d8e23093b4a485ab651673c8c5b2a8a3a6e272bd8719db5ad0a71d259b4c35053f9fd64a2167693bc28be6126

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
151KB

MD5
523ca1a5cab08837a3d76652be0c0c95

SHA1
14b49d7cd0972504f5333ee923742d7fa8536fbe

SHA256
eaba86e870a61ac98e5024f458400091a90c337bc2602e56ea88719c6d368848

SHA512
21ccf2a2a5f4c5d378cbe13aaeaccbfe3884b21506d3aab9a7bf3a19e0b0dee4085ad7678ca491b90e5bfd5c02925ad8d2e3e8f7e5d522aa59ab21ab83d3a006

Download Submit
memory/3960-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3960-1738-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads