1ca821e8baee255fadbc590f97a95a65446db7aa61928c14587aa13bac306a8d

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7691eb5c5b071422ca250b4ea48b6110N.exe
Size

115KB
MD5

7691eb5c5b071422ca250b4ea48b6110
SHA1

32e0b2e8ca52726b5b57615b0ba8bd274d52a327
SHA256

1ca821e8baee255fadbc590f97a95a65446db7aa61928c14587aa13bac306a8d
SHA512

244776b3b112878a9e0c222489c38b75b1e4daae657f6a3bc39aae9aabae8bec02b1534b2a2dbc22c3b0f06e6e30312839154324172aef43dc758eb37356a57f
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxVTWn1++PJHJXA/OsIZfzc3/Q8zxU:fnyiQSooQSoh

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3844) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5052-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023443-2.dat	upx
behavioral2/files/0x0014000000022909-6.dat	upx
behavioral2/memory/5052-1606-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial.xml.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\D3DCompiler_47_cor3.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ul-oob.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ul-phn.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-oob.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationTypes.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_2.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Design.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\bin\keytool.exe.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-pl.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ul-oob.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Crashpad\settings.dat.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\tr.pak.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\[email protected]	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationFramework.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Queryable.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\System.Windows.Forms.Primitives.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jre-1.8\bin\instrument.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.Writer.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\PresentationFramework.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ppd.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp2-pl.xrm-ms.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\ConvertTest.vbe.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Text.Encoding.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	7691eb5c5b071422ca250b4ea48b6110N.exe

C:\Users\Admin\AppData\Local\Temp\7691eb5c5b071422ca250b4ea48b6110N.exe
"C:\Users\Admin\AppData\Local\Temp\7691eb5c5b071422ca250b4ea48b6110N.exe"
1⤵
- Drops file in Program Files directory
PID:5052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp

Filesize
115KB

MD5
53c950ad3813ebc46faff424b9ed6a70

SHA1
8b6302bba895dace59c896e33ed627f8cef529db

SHA256
3cfaa4993bf5e32cbc62564da2cfc85e55c8954a5def7e08f2cfdf1ccd915908

SHA512
bdcdd175aed61523dc913a44bab1711608b8460708d1f6fb588aefe80029aebc3227569f75480b68d1fe18782cf43dcd03ff5692cef1f9b1d85fa868529b1299

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
214KB

MD5
6257434973aeefade2b85f9f85d6e3a5

SHA1
b072eb42c96de434e66b0efa97a941e51c80b806

SHA256
7b60ebdfcf8001d5cc7b27d16b960c749730280478dcd4e389762353121e6d6b

SHA512
79a564d6118d4babedb5a1a13221998b2650355bd1404dffdcae4bba60b85346c6f461a8b6f5557642bc34b262a3df97784145dda5445c969599ad4f4d29be62

Download Submit
memory/5052-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5052-1606-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads