96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07/07/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
Size

34KB
MD5

75c37d47b7fe10f8d166174e6d9293ba
SHA1

f74f4ac48928fea6b1a19bdddaf7c28b0a226427
SHA256

96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27
SHA512

1e4e8860f49845e2e787c08481b4701e0f0b5b714ada7792c2db919d3e2f0d15eb955f8b919f00e70e85f758603b2fdebf50e2505b8f20d9fa189dc95676a51e
SSDEEP

768:kBT37CPKKdJJ1EXBwzEXBwdcMc827SKNx27SKNvzcF/MF/aNBoIQONiJT1ORiJfe:CTW7JJ7TG2QSrS/

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2320-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000600000002325a-2.dat	upx
behavioral2/files/0x0004000000022949-6.dat	upx
behavioral2/memory/2320-1164-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ReachFramework.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\Logo.png.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-utility-l1-1-0.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cldr.md.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ct.sym.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\rsod\powerpivot.x-none.msi.16.x-none.tree.dat.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-heap-l1-1-0.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\hr\msipc.dll.mui.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationClientSideProviders.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\ReachFramework.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-pl.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Formats.Tar.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Retail-ul-oob.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial2-ul-oob.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorrc.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeServiceBypassR_PrepidBypass-ul-oob.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-180.png.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\ReachFramework.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\EnterCopy.emf.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jstack.exe.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jre-1.8\bin\sspi_bridge.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-phn.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.EventBasedAsync.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-black_scale-80.png.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL077.XML.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotd.exe.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\vi.pak.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeWord.nrr.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.27\hostfxr.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\UIAutomationClient.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationCore.resources.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\dotnet\ThirdPartyNotices.txt.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-pl.xrm-ms.tmp	96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe

C:\Users\Admin\AppData\Local\Temp\96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe
"C:\Users\Admin\AppData\Local\Temp\96c6961508f8d3407bf61420a3857b0e3913f0210f717d2d79fd1cb5c98f7f27.exe"
1⤵
- Drops file in Program Files directory
PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
35KB

MD5
15e20105c2849f94850d1dd736641099

SHA1
8fafafeea0ba0bfc345ba2c80e4ea88cd57fd09b

SHA256
ffa5fc2cc440639436c7bb5de3df0f1f3cbd4d6b2ab539cf520dbed8b53b428e

SHA512
48ad75b85e0d4ff2610ed0daed70200d65be91d4a9a2b997a7e31a5fd7f6f9b70027386ef2541cdc9aa1463a0cade0f954a9a94dcdd300e8c0b89943faf00b3a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
133KB

MD5
eed5c89da49b806fd69ae9f2a8313a31

SHA1
55a8e14062db368f872e6bf05e541170f310422b

SHA256
29544843976a65f955758a362f0a6f346de9224975786a40ded2d293cae51cca

SHA512
7514aa496413177f4a9c8d9146cddec6527c463d4b2cbaaca4258671db70e1e3426930d4c243b0635f0259b2d38a9bf0d13531d2e4b994cc7c7f0384a0519b7e

Download Submit
memory/2320-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2320-1164-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads