5ccf4617d33cf04f7daa3c518991c32dcaf4011dd84ffe4ef620da96614f555f

Analysis

max time kernel
120s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fea226aa1687bfc48c402bdfc082bc0N.exe
Size

867KB
MD5

2fea226aa1687bfc48c402bdfc082bc0
SHA1

af230a1407c131e68934a6790a1c0e1282294a66
SHA256

5ccf4617d33cf04f7daa3c518991c32dcaf4011dd84ffe4ef620da96614f555f
SHA512

a1f90ec62e5ccb80cbd8da446a117b2d589533eeaf2e59827ef8667b4262b170d16f95b291c9f25bfaf2d60c6441fa0e67ee7930e7a2c4e83d7a49f269b30257
SSDEEP

24576:VI9CAqKCYtR89d4f9g3T+jVHtd31gDrdXJ4QgIaxRks0eBHOYgVss0fdg+Iby6vI:VAnqkP2wOHvglem

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1763) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2260-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023418-2.dat	upx
behavioral2/files/0x0014000000022932-6.dat	upx
behavioral2/memory/2260-1036-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.StackTrace.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationNative_cor3.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Reader.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Loader.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\PresentationFramework.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\ReachFramework.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Security.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationClient.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationTypes.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\WindowsBase.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Primitives.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\PresentationFramework.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationFramework.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Printing.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.VisualC.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Controls.Ribbon.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Extensions\external_extensions.json.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationClient.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Timer.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClient.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebClient.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationTypes.resources.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationClient.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationNative_cor3.dll.tmp	2fea226aa1687bfc48c402bdfc082bc0N.exe

C:\Users\Admin\AppData\Local\Temp\2fea226aa1687bfc48c402bdfc082bc0N.exe
"C:\Users\Admin\AppData\Local\Temp\2fea226aa1687bfc48c402bdfc082bc0N.exe"
1⤵
- Drops file in Program Files directory
PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1176886754-713327781-2233697964-1000\desktop.ini.tmp

Filesize
867KB

MD5
829ac5f1027daa003ee5e923327c5898

SHA1
2a8db1e9262234cd7ef662aa8342bde88e0ed130

SHA256
d76ae4acc81ab77644219f2baaef095d46911ddb673cb5237b1e5fd0ebbf9f82

SHA512
cc80e1eb7f7b8d12e6fe8bd20b908374cbca4516a1fd24cc5873370ccb256fc387b66fb0d2a740cc07eb2babaa4917cab17857489d51a6d7ca50162e74d9f1e2

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
966KB

MD5
1a6e5c918dfc10c0f92ac62c1bd6cd40

SHA1
32ef8f9364260a22b0080813097c961cc9f61471

SHA256
bdf5d51b8af506a643da577549faf9742054cbfb98c6323f45c1db14e97743f9

SHA512
f8d068d38cbeded2a75d11ebdf1d50b5204b000aaefedc8b2ed0aa358c1c67707caef33882dc484e4cc32ef222ac56ef40ec65b90dcd4bdd51189a765c8a8474

Download Submit
memory/2260-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2260-1036-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads