71d18a732fe05d6cc5f2e59fe17e82e366182666aa1a038383313050b9b6513a

Analysis

max time kernel
119s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b7a0fcd0e37de38fa28fedb2e439f20N.exe
Size

139KB
MD5

6b7a0fcd0e37de38fa28fedb2e439f20
SHA1

ffe88016632828b62b62cb9abbb1faf02b3a68f1
SHA256

71d18a732fe05d6cc5f2e59fe17e82e366182666aa1a038383313050b9b6513a
SHA512

2d15e400ef01c6d33c71dda73607afe76aae635241ff75b3e56f4d66999a1442e1116ee89893fcb820cf4eafb3b8daf32b3f6cb1464aa37a0ec2d577d05f57e0
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZuEd4HZKMSs9w7WsLhEC7ptPqPZlyN:fnyiQSo7Z54HZKMx4dhECVyo

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4311) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4752-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023500-2.dat	upx
behavioral2/files/0x0014000000022946-6.dat	upx
behavioral2/memory/4752-1788-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019MSDNR_Retail-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationTypes.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\sk.pak.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ppd.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Design.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ko.pak.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Timer.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.Reader.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\WindowsFormsIntegration.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ServiceProcess.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Memory.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPP.VBS.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ul-phn.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Windows.Forms.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.Design.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\bn.pak.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ul-phn.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_Grace-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsFormsIntegration.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Retail-ul-phn.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RInt.16.msi.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.Messages.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Practices.Unity.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Xaml.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxml2.md.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ul-oob.xrm-ms.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordbi.dll.tmp	6b7a0fcd0e37de38fa28fedb2e439f20N.exe

C:\Users\Admin\AppData\Local\Temp\6b7a0fcd0e37de38fa28fedb2e439f20N.exe
"C:\Users\Admin\AppData\Local\Temp\6b7a0fcd0e37de38fa28fedb2e439f20N.exe"
1⤵
- Drops file in Program Files directory
PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

Filesize
139KB

MD5
c582c1218f9b5ad24e93e1cd5d179c34

SHA1
5ea4980799c6f3036e68e3da99cfbdcd84b93321

SHA256
d68bba4f51b2c32216c74fdc899568ed78acaa70ad1e8328471fbff26e5164ff

SHA512
f6195dd02296366e1946ab813bc6a77ef374f1f8ca924118a486f764bc0b1bce4c4d92711a7b811af207937438ca78b445d5911b810c1cfbad65e8da41003a86

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
238KB

MD5
8813be8e057d7660b9d7e0af9755c412

SHA1
22e5b03c110885d3e6d1c2494f58b72bb6955005

SHA256
bfeb41780c87fed801b40c97aa2b9b04a648038fb54288b11ad41e25a4cfe5e3

SHA512
87b7806dd9b2a263c39f61dc1ee7a403edf4e317c94727cd3a602cb12c2d6beaf093c517a58dfa96c200d0cf04fdd649a0d68f192c745d4f835ca515f5be5bdc

Download Submit
memory/4752-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4752-1788-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads