4924b3266615ee57ef0753794857f7ea37909adaea824950448ad3b90a31683a

Analysis

max time kernel
120s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52a09d3b2c38590b9435bc40314fbd10N.exe
Size

40KB
MD5

52a09d3b2c38590b9435bc40314fbd10
SHA1

edb97c935f1911085db49df7cb766b9508d4e2bb
SHA256

4924b3266615ee57ef0753794857f7ea37909adaea824950448ad3b90a31683a
SHA512

18fc3691ed2bad256ec115f987c118c7b0291b3c2f0f6705d96a32e3b81f54838a99b7e0da00e86a5ffe56facbb123d459048106e99e9a817d31bcdc08f3f245
SSDEEP

768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyC:V7Zf/FAxTWoJJZENTNyC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4520) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4284-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000900000002341e-2.dat	upx
behavioral2/files/0x0014000000022923-6.dat	upx
behavioral2/memory/4284-1798-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\lib\jawt.lib.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-localization-l1-2-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\libpng.md.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.EventBasedAsync.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\eventlog_provider.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Forms.Primitives.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Grace-ul-oob.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xerces.md.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Grace-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationProvider.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationClient.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\PresentationCore.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ReachFramework.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_MAK_AE-pl.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.CLIENT.CORE.DLL.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationProvider.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-utility-l1-1-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_es.properties.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Design.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Forms.Primitives.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.Diagnostics.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Specialized.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationCore.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Excel.Excel.x-none.msi.16.x-none.xml.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART11.BDR.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ppd.xrm-ms.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationTypes.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\vcruntime140_cor3.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\te.pak.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-interlocked-l1-1-0.dll.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	52a09d3b2c38590b9435bc40314fbd10N.exe

C:\Users\Admin\AppData\Local\Temp\52a09d3b2c38590b9435bc40314fbd10N.exe
"C:\Users\Admin\AppData\Local\Temp\52a09d3b2c38590b9435bc40314fbd10N.exe"
1⤵
- Drops file in Program Files directory
PID:4284

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
40KB

MD5
cc9bddbe2a7631fddf4cfd4734b7b562

SHA1
48351a23d2211c9f2a39123f5efd7e251812471a

SHA256
0456b03d80580537f74f273399209953ea0ae27963064f8f23f49bd71b6f95d0

SHA512
e473b3b8280a2bf25eabcf2a7361041dee753075ce96bfef223f2a8c74c5ed1572427ed875cd971c5e1393bb9e989b486af6c157c390d5d84f8f44d92135b445

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
321ce800393e9c1b8792877f59aedaaa

SHA1
260e70b2238405da2a304821c188f9fb34c4a62c

SHA256
e10cc7dc117216d0e57ef4332182bda60d933f66ba24d38cdfd4e5e63f1fba72

SHA512
89c0dbd1641da4ec582277e976469672dddc8341e93eab0116a8dec4e2262aee041e397cdb5af60a33420885a0b5f3e059a90b97064b923b1dfffe03e3baa51d

Download Submit
memory/4284-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4284-1798-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads