44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 21:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
Size

51KB
MD5

78d46052466b110c1c910756a8444c2e
SHA1

4b1bffe734b8dd04ad4ae79076c9af7b80b2871b
SHA256

44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551
SHA512

8faadcd25e09e34c8b15b338dd0e70537a4c703979e55716e95a3568187f64bcf2e3e3b723eee2889d715a2381e93e0a6376c2ef33012897b402a0802d1c04b4
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rE:V7Zf/FAxTWeT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4836) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/804-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x00090000000233f5-2.dat	upx
behavioral2/files/0x0014000000022923-6.dat	upx
behavioral2/memory/804-1794-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Client\C2R32.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL092.XML.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN058.XML.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.security.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.OData.Query.NetFX35.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Debug.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\nl\msipc.dll.mui.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.Calendars.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.SecureString.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Forms.Design.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Primitives.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.Edm.NetFX35.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\ATPVBAEN.XLAM.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-white_scale-80.png.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationProvider.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ul-oob.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS000A.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\Informix.xsl.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClientSideProviders.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NameResolution.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\WindowsBase.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Controls.Ribbon.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe

C:\Users\Admin\AppData\Local\Temp\44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe
"C:\Users\Admin\AppData\Local\Temp\44c419ded8b077714135ebd0a26bd798590f0b1053a9837d92c05e91358c4551.exe"
1⤵
- Drops file in Program Files directory
PID:804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
52KB

MD5
bbaa1b30761095e8c7f11c8370dc823d

SHA1
c278b4b70278399aa61d03c00ca9bc0c2a341daa

SHA256
30718503b35ca8653b68398d173c6285aa550b57c78d7c6fd48aef69fa8945bc

SHA512
7404373c061818529c736e7e4cbfbbe3efadc289567aedd798f7f90c9eb5f56fda5660e705b8fce82b2de110c794b5df1f6a22fa2241256acc14aa3c91125113

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
150KB

MD5
6390cddcfa5c3cc1ceba9988783ec67b

SHA1
288de375ed28a7b1e12c3bedd5d5915297c22732

SHA256
68af67225c7d6b88dd9aa04c44f89bb42fea07e5a0c94aa0251330156d91d54f

SHA512
22a9c5273be7eab015a9cf32ce170643b5eb69ed676b83a863ccebd3c6f273fed52ecb68def107bdf3a3abb147838da56ec951a4cc831e02a7d54f7ec795f6f0

Download Submit
memory/804-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/804-1794-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads