d052c0e0373ddc1179bd32fd854e96b914b7fe0fd38f2e2a5148a9dcc8f7241f

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00bc2ae3ff33fab958077310d5cc3b00N.exe
Size

46KB
MD5

00bc2ae3ff33fab958077310d5cc3b00
SHA1

e569f85ed58e8a660829194a057b8c5ccfa84735
SHA256

d052c0e0373ddc1179bd32fd854e96b914b7fe0fd38f2e2a5148a9dcc8f7241f
SHA512

59c085cd3cf3cbeb5716e21aa95f86fadf1365b690cc3889081998b2e8fef85c7a022f9f83ab2169bd0d49b23ae2a29b24387ea5177f4f3032cf9cd4a124378d
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIo:CTWn1++PJHJXA/OsIZfzc3/Q8IZX0N

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (5203) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3064-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000a0000000233eb-2.dat	upx
behavioral2/files/0x0004000000022949-6.dat	upx
behavioral2/memory/3064-1100-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-140.png.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encodings.Web.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_PrepidBypass-ul-oob.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_Subscription-ppd.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\linesdistinctive.dotx.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.UnmanagedMemoryStream.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11wrapper.md.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ConsumerSub_Bypass30-ul-oob.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-pl.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\lcms.md.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\jaccess.jar.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ja.properties.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ul-oob.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelFloatieTextModel.bin.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\bwclassic.dotx.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VVIEWER.DLL.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXmlLinq.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Grace-ppd.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscorlib.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jre-1.8\lib\jfxswt.jar.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jre-1.8\bin\sunmscapi.dll.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ul.xrm-ms.tmp	00bc2ae3ff33fab958077310d5cc3b00N.exe

C:\Users\Admin\AppData\Local\Temp\00bc2ae3ff33fab958077310d5cc3b00N.exe
"C:\Users\Admin\AppData\Local\Temp\00bc2ae3ff33fab958077310d5cc3b00N.exe"
1⤵
- Drops file in Program Files directory
PID:3064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
47KB

MD5
0894f379dec99e4b36068f961159acc1

SHA1
8bbb4841784ab70dd82860f1114dc0f479ba57aa

SHA256
afc029d112faf41f8f18e38aac5bd1a1aee721780070e7eb85b870c6b4fa1e2d

SHA512
057fc023d32c80ab3b6f84b40202d45e9a317693de553362c807cfd7bf6be1ac81ed5f12e6af9d3a6cfcb5fbd8a604aea1aad4fb9b678d0403f878bd9745ee04

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
145KB

MD5
d592d6583179de815e56b04c180a44fa

SHA1
8d3f0e0efeaee536794054dc5e51811e38c5c24d

SHA256
124ba44c54337584bb84ddb6f6e5aea07f3def8fde4c255af5af453f9669d8f1

SHA512
1629e3a2fed50dbb591899fafad4ada5607b68f751c4d1a2a4bb8ef0421201b0675c6d30cfbd31377b63daf57c84fd3e7720060dd67986f1c503f343b961c16c

Download Submit
memory/3064-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3064-1100-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads