55c1e95f3d0d8070a3fe5f92573ccf427569cce13f7d85847acb6c6c9339c6fd

Analysis

max time kernel
120s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 03:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
Size

76KB
MD5

59db704d4feba2fae5e3d0a0c0ef7fb0
SHA1

e830f4df66f9e7666b9d6e6800cbd1cdc4fd592a
SHA256

55c1e95f3d0d8070a3fe5f92573ccf427569cce13f7d85847acb6c6c9339c6fd
SHA512

f70a0d32aec2be6b158759b4173f855f41b7fa3ebcf7bc679ab75f4c797c340237738a2b3e394db02adf94a1616c099fe9382929abc9708bd7072c787b9ee5cf
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZS:fnyiQSo7ZS

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4554) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2320-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x00090000000234a4-2.dat	upx
behavioral2/files/0x001400000002292d-6.dat	upx
behavioral2/memory/2320-1788-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.XmlSerializers.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\deployment.config.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\glib.md.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-100.png.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Forms.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-errorhandling-l1-1-0.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostTitle.XSL.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorlib.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.FileSystem.Watcher.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationFramework.resources.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-oob.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Grace-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\ZeroByteFile.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Input.Manipulations.resources.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-pl.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Claims.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ul-oob.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Grace-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_Retail-ul-phn.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Numerics.Vectors.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\UIAutomationTypes.resources.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsFormsIntegration.resources.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.WebHeaderCollection.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GB.XSL.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Grace-ppd.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jvm.hprof.txt.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Trial-pl.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_MAK-ul-phn.xrm-ms.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WWINTL.DLL.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	59db704d4feba2fae5e3d0a0c0ef7fb0N.exe

C:\Users\Admin\AppData\Local\Temp\59db704d4feba2fae5e3d0a0c0ef7fb0N.exe
"C:\Users\Admin\AppData\Local\Temp\59db704d4feba2fae5e3d0a0c0ef7fb0N.exe"
1⤵
- Drops file in Program Files directory
PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp

Filesize
76KB

MD5
3f068a0f9e8ab94589407fa504297cac

SHA1
fd29641397f9f8bb7341966e8c4d5632ff6cecbb

SHA256
44c428f95620be1ef71665f9366305d2135817705b54b65c1c4e5b9e1c7551ee

SHA512
02cb7cb23a783fc80a12182bbb2c943327fd7eab075bc3fcf49b1c88f335f9c9c7779337e1177ed01d87052aeed0ec06f9b0d8ed9c8cc576b71187526ab43b61

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
175KB

MD5
0b5e7684de638c68c12ff0c57a2bf6d4

SHA1
5f58d29c5da1bf7b8f487d088c507c5e5d409f4e

SHA256
5f8d2cf7c73b03eeb260adee0efac29ccbf8c47dd26a1e94cec4f00b9b816e2b

SHA512
2e93a3949cf3b00457cfb061e4c2a79ba548e63686896fedb192eaf835b1df145a1258849ff3f93bd2bcfb996ac2b72f184db2f628fab8ef46a387086bdd0377

Download Submit
memory/2320-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2320-1788-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads