215e0e4b602fc5438e8a1080231612066c38110ee321b914deb9a56908e3307f

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25732c6a09cb235848b30e93a93799b0N.exe
Size

372KB
MD5

25732c6a09cb235848b30e93a93799b0
SHA1

810821a780e276781eeac538dfeb362d0ea0e5b1
SHA256

215e0e4b602fc5438e8a1080231612066c38110ee321b914deb9a56908e3307f
SHA512

8b5ea2a864f87497bac674670dd16dc79acbffb071c7d986325f1bac24b98ddd099bdcb2bf0e57834f6ef3f02d3573cf4481d4947cd59e80f63dc6a992442fbe
SSDEEP

6144:KiQSoOFTlAOB6pcq+HpFeHPgsHsSYafq8g2Oe:VQtWAzpcqapMvgzS/Jv

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2676) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3532-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000900000002345b-2.dat	upx
behavioral2/files/0x000600000001e5db-6.dat	upx
behavioral2/memory/3532-1332-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Timer.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\mesa3d.md.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\WindowsBase.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\Microsoft.VisualBasic.Forms.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXmlLinq.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_CN.properties.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebProxy.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Configuration.ConfigurationManager.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansDemiBold.ttf.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationUI.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationFramework.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\ms.pak.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Primitives.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\netstandard.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Tracing.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\PresentationCore.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-environment-l1-1-0.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xmlresolver.md.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClient.resources.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-environment-l1-1-0.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	25732c6a09cb235848b30e93a93799b0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Security.dll.tmp	25732c6a09cb235848b30e93a93799b0N.exe

C:\Users\Admin\AppData\Local\Temp\25732c6a09cb235848b30e93a93799b0N.exe
"C:\Users\Admin\AppData\Local\Temp\25732c6a09cb235848b30e93a93799b0N.exe"
1⤵
- Drops file in Program Files directory
PID:3532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini.tmp

Filesize
373KB

MD5
b812ca2a9502a64ea7db4b413ef4c3a6

SHA1
de7c6f1cfb3498b4df2736627a33f59a837b54b6

SHA256
b51790a05c0b4fe977e429b405caa3ca1b419818601a6401519fd18133c45fbd

SHA512
45d91904df475ae22ee59b15b4b4c5f3afebfd03e4a1354243b0ad875265d53f6ecfe3d1aea9bcf23dc9112d68e0e1a42d6723fb768661b92a6fef2d5c89f91c

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
471KB

MD5
337d1c3fabf8b633cc3109f7dc244aa1

SHA1
ca6d3aad48068b57d0e70b097767c523bcf51eaa

SHA256
30ec6444cbcce1432e7f4aa1ef75d1a91105bf1c7af785b9aef5ba35bb86be31

SHA512
7ffe91dd9e280ec8694ae5a32962cc026fe0232cd9c989fb55d334fc8f5979e2e5bbc98ec63dc50fe240b27b1ec2a04e38f4b9cb6f2e08a7a2602ec7a87b6d7f

Download Submit
memory/3532-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3532-1332-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads