f97c0b370a5c81edb947610432120dc0d14f2139404c7ff806b073604e18c37a

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f924e2244360d0901ee531d37d86600N.exe
Size

23KB
MD5

1f924e2244360d0901ee531d37d86600
SHA1

28df62a71632a25ebaddeeaf54736adaaba01000
SHA256

f97c0b370a5c81edb947610432120dc0d14f2139404c7ff806b073604e18c37a
SHA512

5761208108dae3101fbb159a9bf163a7554293c61310af9df31e7f29ea0d0dbe6086c0d1a59e911eca8da45b9d178a4d7ab0fa89c9b4f9a28f0a032a4a3694d6
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJcbQbf1Oti1JGBQOOiQJhATm+uA+uRtnAtneBWjWl:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJG

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4657) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3908-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x000900000002346d-2.dat	upx
behavioral2/files/0x0014000000022905-6.dat	upx
behavioral2/memory/3908-1204-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.runtimeconfig.json.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\WindowsBase.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PenImc_cor3.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\cs.pak.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ppd.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-80.png.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-180.png.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ul-oob.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\shaded.dotx.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Http.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Permissions.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-phn.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART7.BDR.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.MemoryMappedFiles.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Cng.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Resources.ResourceManager.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\sbicuin53_64.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ppd.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\XLLEX.DLL.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationTypes.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_pt_BR.properties.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\MLASeventhEditionOfficeOnline.xsl.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\uk.pak.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Core.NetFX35.V7.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\System.Xaml.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\UIAutomationTypes.resources.dll.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp	1f924e2244360d0901ee531d37d86600N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	1f924e2244360d0901ee531d37d86600N.exe

C:\Users\Admin\AppData\Local\Temp\1f924e2244360d0901ee531d37d86600N.exe
"C:\Users\Admin\AppData\Local\Temp\1f924e2244360d0901ee531d37d86600N.exe"
1⤵
- Drops file in Program Files directory
PID:3908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
23KB

MD5
b3527a22810730758133e176cd484f63

SHA1
28b46f0d87a47aa058a2118f483f96149028edfa

SHA256
eef20cba8d9b83567b6bf7260c66474cd896749809ecd84941a57a56a672018f

SHA512
6098d2057f58fefc4148dcf419022638ddb064bb5f16268f59c079698ff0d476b68f9ebe8cee4844cfb9ee614b52f13e84ea493ddc835eb1fe9e09d150f573f5

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
122KB

MD5
dd6686325d8fd0104bac51335b89cff3

SHA1
0d81444dca141fbdc235f190db58697c4153aed5

SHA256
eff2d5b5e12937162744535b4a26a32219f05f71aa7b0a5c1001390ed56b47f1

SHA512
b6d6c40042f4338a4918d76f6fbf349d37a484885206a1fab69dfca4976b8d571b3011c3a100c70ddd07210a0747e12fbc93f310562b168b4719023729836642

Download Submit
memory/3908-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3908-1204-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads