62616ff54c270060562733b421479819ab579ef295f0927fdc59cf4cf67409eb

Analysis

max time kernel
120s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45b4a086f8612cbc50ff92801f92fe80N.exe
Size

120KB
MD5

45b4a086f8612cbc50ff92801f92fe80
SHA1

94b68255b5ff435d410c22f9fc8eeafae8184430
SHA256

62616ff54c270060562733b421479819ab579ef295f0927fdc59cf4cf67409eb
SHA512

83e6c7bffc8de9d4559409bc6f72174aeb4599d7394e92e951b91d30d6f1525428aceb1b3b6f1424a43dfef8b82e4b418c3dbb6b83ea94599da6e1fb6ad78ac0
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZbTWn1++PJHJXA/OsIZfzc3/Q8IZS:fnyiQSo7ZPQSo7ZS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4011) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1936-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0008000000023467-2.dat	upx
behavioral2/files/0x0014000000022905-6.dat	upx
behavioral2/memory/1936-1602-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\java.security.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libffi.md.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Collections.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.CompilerServices.Unsafe.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ppd.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.DiagnosticSource.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.Common.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\relaxngcc.md.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_Subscription-ppd.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Client\vccorlib140.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-string-l1-1-0.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-pl.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Xaml.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\deployJava1.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-pl.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\PresentationFramework.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaw.exe.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-file-l2-1-0.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-pl.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_Subscription-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ul-oob.xrm-ms.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsBase.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\WindowsBase.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationCore.dll.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe
File created	C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp	45b4a086f8612cbc50ff92801f92fe80N.exe

C:\Users\Admin\AppData\Local\Temp\45b4a086f8612cbc50ff92801f92fe80N.exe
"C:\Users\Admin\AppData\Local\Temp\45b4a086f8612cbc50ff92801f92fe80N.exe"
1⤵
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
120KB

MD5
5228db0c6289d27044190a15e06061f6

SHA1
d9d325939916fd015001ec928e05f435382c6201

SHA256
19f8608599c613f38a5570342b6de407c3a7d64beb9f5ad358262bc60eb60abc

SHA512
182ce53cd4c61f16029bdaff5aa69f2a96353b72355ebcea20e56e0a1c0215ec54a953db3ae94720f50a383428753891fa7349fff21298dcc86a596b7031b920

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
219KB

MD5
69fde0576e44c1572b68e7f0a44f3598

SHA1
439de772a29e6dea69a2f3078998cb02bbaf0a71

SHA256
4571ddcb2b0d13110d0b106c007e62133d0fb6fdfa00eb47cebaf14ec575003f

SHA512
075615f4c148fef7a781e6a66b45d5406c72b5b87b6ce8935987a569b806056b53d200336a302f5a6f495c85ac0e73c49a9c3f9cc034f3e7691cebd07717b93a

Download Submit
memory/1936-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1936-1602-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads