9e21b081b53434ef8a105e785f59fd4693eee53a5e1cc6e17437a3f94df61b47

Analysis

max time kernel
120s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 00:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

189658b1ca85a7dc8c61b9ca4be70010N.exe
Size

45KB
MD5

189658b1ca85a7dc8c61b9ca4be70010
SHA1

147a79c84fef5bc7278d1228578f7953ee38c3da
SHA256

9e21b081b53434ef8a105e785f59fd4693eee53a5e1cc6e17437a3f94df61b47
SHA512

a079cf5a726f124d1b2efc5b61fb1210711681a4bd4d65cc3845d9948890f504e9b8aecd0a5926e89b7bf4297c0482425d0d699041e7839914c41ea62b859c5e
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFI7:CTWn1++PJHJXA/OsIZfzc3/Q8IZ9

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4653) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4192-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00090000000233b6-2.dat	upx
behavioral2/files/0x000600000001e6e4-6.dat	upx
behavioral2/memory/4192-1108-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.FileVersionInfo.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_de.properties.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-phn.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-180.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sl\msipc.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-pl.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Xaml.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\public_suffix.md.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ul-oob.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xalan.md.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\colorimaging.md.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000011\FA000000011.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\chrome_elf.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ppd.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\fi\msipc.dll.mui.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jmap.exe.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\psfontj2d.properties.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cryptix.md.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-ul-phn.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ServiceModel.Web.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ppd.xrm-ms.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSREC.EXE.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHSAPIFE.DLL.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationFramework.resources.dll.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	189658b1ca85a7dc8c61b9ca4be70010N.exe

C:\Users\Admin\AppData\Local\Temp\189658b1ca85a7dc8c61b9ca4be70010N.exe
"C:\Users\Admin\AppData\Local\Temp\189658b1ca85a7dc8c61b9ca4be70010N.exe"
1⤵
- Drops file in Program Files directory
PID:4192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
45KB

MD5
c48f15c9f78b192181a081ec4e8b6f9c

SHA1
c5736d26bbb7d8503d145ff36568bcd6c172232b

SHA256
007a2cbb78afc6d0b21d5eef402719c6dada73f71f0944738a8b94c298a4967b

SHA512
8e9ab07201d97460e129127709a6f2c8f81574db07de8d2c7c3073dbb2718299c4971fb1f5cfb4f331150d60aad9587f37303a701f4a0ea5cd39b5ec9cd76a74

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
144KB

MD5
50480d1b2a91872fb440ab2066a8f2e2

SHA1
15b9fc5d42ccd2fe36050db8d102790bb8ed9915

SHA256
32d66bfccc3470f423ec33d6ef605adf0dd4cd91cdd7e7aede587ce516f6b055

SHA512
b60f97bde234dca52cbc5c18a24014b98262af1d637cde56f7e71329533a6599c3664923fa2241dee0740e2aa365286fb8d011008ff9f459ff296b4af30a93ff

Download Submit
memory/4192-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4192-1108-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads