3b71ef6705ed8420bb4dedad2e6a9e51274b67ebf97da0bc722fce60173181b1

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26416915653d3caa80a9d4be853ef5c0N.exe
Size

24KB
MD5

26416915653d3caa80a9d4be853ef5c0
SHA1

721ea99ab331679b327b4d1bef24232c0126e1d9
SHA256

3b71ef6705ed8420bb4dedad2e6a9e51274b67ebf97da0bc722fce60173181b1
SHA512

da6d3418830021a200bbbe703aedc81e5550aaa1e39865c8a37dd86b87b92d39f26e9dabc391267e5948d68f00f6b279b9d8aa653913e6884dd670334072ecaa
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJXGiSk7Tkiy6tuy6tu:kBT37CPKKdJJXGiv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4649) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2044-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00080000000234ac-2.dat	upx
behavioral2/files/0x000600000001e6e4-6.dat	upx
behavioral2/memory/2044-1070-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\.version.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.EventLog.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ur.pak.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.CompilerServices.Unsafe.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8_RTL.mp4.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-180.png.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\coreclr.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Algorithms.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.DiaSymReader.Native.amd64.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\hostpolicy.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\ReachFramework.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationClient.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\sr-Latn-RS\msipc.dll.mui.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-phn.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Security.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\dxil.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\charsets.jar.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationUI.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.Design.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsFormsIntegration.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\PresentationCore.resources.dll.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\jconsole.jar.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp	26416915653d3caa80a9d4be853ef5c0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	26416915653d3caa80a9d4be853ef5c0N.exe

C:\Users\Admin\AppData\Local\Temp\26416915653d3caa80a9d4be853ef5c0N.exe
"C:\Users\Admin\AppData\Local\Temp\26416915653d3caa80a9d4be853ef5c0N.exe"
1⤵
- Drops file in Program Files directory
PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

Filesize
24KB

MD5
a8b4b257f8c30626126ca52d1b500b36

SHA1
3a7bad9d2361a93b49203b2e9cdf5bf1135226fe

SHA256
bd05ec1f7726e8f417bd7a94529c16f97eb9408ab493bdc5f2836f68e5e8b2ae

SHA512
a7e4adb836116e741d125864de5648076db02444c8d2499fd077da05e6172b292c8070e51775f835de9909c5e9e354c22e0168cba8050231961bf8c3ff68f85c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
123KB

MD5
b0c59626e4a0a11d088a048adc899b52

SHA1
ebd998aae4df8f8ac0be52440ebd64542630ba09

SHA256
c6be917f57326a5566c809da6f17ac9552770f16539a2cc2613001603cd15233

SHA512
6048c9ce9dd315f1bc4e988cee2e162133ceb38818957d05af32c4cf29badf7829babe3a55feb0113c9670099391be3c5502f452a9c8e000b264b54a066be528

Download Submit
memory/2044-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2044-1070-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads