0dbc9cbde1e79ee1dede982d557eabf3faf927f77c0be9155ac53c2399ba52d3

Analysis

max time kernel
120s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 05:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

768c6c09c6f32a70747f2ba9a44a01e0N.exe
Size

89KB
MD5

768c6c09c6f32a70747f2ba9a44a01e0
SHA1

1783d0e1292cbdef6f976a63b3cf2e1051bae711
SHA256

0dbc9cbde1e79ee1dede982d557eabf3faf927f77c0be9155ac53c2399ba52d3
SHA512

e3cee9ae5a04e5512948eb9e3b93d800a5e9e331ab06fe1ac030bc4c09536588f225386ae7ac388d42c22281aaf9adbb69681872956cea27e634db7cd634d600
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxviYiaE+UpCUpy:fnyiQSo4iYis

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4362) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2860-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000900000002340c-2.dat	upx
behavioral2/files/0x0014000000022923-6.dat	upx
behavioral2/memory/2860-1800-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscordaccore.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management-agent.jar.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Extensions.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Grace-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.exe.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green Yellow.xml.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.VisualBasic.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Configuration.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-phn.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\GostName.XSL.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationTypes.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationCore.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\WindowsBase.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\WindowsBase.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHLEX.DAT.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Xaml.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationUI.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.v4.0.Utilities.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\tr.pak.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ppd.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Retail-pl.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\+Connect to New Data Source.odc.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART5.BDR.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\WidevineCdm\manifest.json.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-pl.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-oob.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Windows.Forms.Primitives.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-pl.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Tasks.Dataflow.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\icu.md.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial Black-Arial.xml.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-pl.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-ppd.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ppd.xrm-ms.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-BR.pak.tmp	768c6c09c6f32a70747f2ba9a44a01e0N.exe

C:\Users\Admin\AppData\Local\Temp\768c6c09c6f32a70747f2ba9a44a01e0N.exe
"C:\Users\Admin\AppData\Local\Temp\768c6c09c6f32a70747f2ba9a44a01e0N.exe"
1⤵
- Drops file in Program Files directory
PID:2860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-701583114-2636601053-947405450-1000\desktop.ini.tmp

Filesize
89KB

MD5
2d6ebd09e834dec98a8ff3c8aadcc54b

SHA1
a42eb9cb8b950c4d5f38ffe5c9a5431b8165d2ca

SHA256
fb86282a878305f69c59122e0289b2962c32f399f0802f804469fd88dca1cd06

SHA512
ec41b631c7646349df2ed2905e8c2fe5dd1fb0298337e1343a04e2b2b415c0b1649bd3ee2c7c9455c554b9728ff1fe712c0ea89d46c910f1b481e71d5af57f57

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
188KB

MD5
22bc4f0e7ed176e4bc563c5321f5be4e

SHA1
f6d6d414044254a58a655f8d14edb76ef9354809

SHA256
9939feabc92d59d070ec04dc20efe8a02f36f60047170ec583fc09ffd5cfe80a

SHA512
8c7d370f31395d82029021cb76c3961708bfc712deb7f6ef02e58b21e9e7d07eab0fa90a4fbd60d0c46f96eae8b8b7536a8f730a36f5b0635865f00e830dacda

Download Submit
memory/2860-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2860-1800-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads