6fcb7abb39a95a6e90d3003f12e74ccb72568e87aafd7c0d4baca5424e68380c

Analysis

max time kernel
120s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 09:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a238a48f546245ac13301f87df6c2590N.exe
Size

140KB
MD5

a238a48f546245ac13301f87df6c2590
SHA1

e2a57d96cc9665ed2b1c166b694ef7411e414484
SHA256

6fcb7abb39a95a6e90d3003f12e74ccb72568e87aafd7c0d4baca5424e68380c
SHA512

703651e7d59db582d417f13b6af58d57948d2ddc0a32c331e88fa33dc9287d3ba2916c797073a3a1cb38d9f462268b2715f6a09da2fe0190bc37766801c6be4c
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxviYiaEnKXW53frhSY:fnyiQSo4iYieW53frkY

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4014) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5080-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023478-2.dat	upx
behavioral2/files/0x0014000000022905-6.dat	upx
behavioral2/memory/5080-1618-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientARMRefer_eula.txt.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_KMS_Client-ul.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ppd.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTest-ppd.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Presentation.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\lib\orb.idl.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ppd.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\Welcome.html.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\dynalink.md.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-ppd.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jre-1.8\bin\dt_shmem.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.CodeDom.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\ecc.md.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\vcruntime140_cor3.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\jmxremote.password.template.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsymsl.ttf.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalDemoR_BypassTrial180-ppd.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTest-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ul.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\DirectWriteForwarder.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.tmp	a238a48f546245ac13301f87df6c2590N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	a238a48f546245ac13301f87df6c2590N.exe

C:\Users\Admin\AppData\Local\Temp\a238a48f546245ac13301f87df6c2590N.exe
"C:\Users\Admin\AppData\Local\Temp\a238a48f546245ac13301f87df6c2590N.exe"
1⤵
- Drops file in Program Files directory
PID:5080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
140KB

MD5
8855ab752748ca367ccd5126ba49e41a

SHA1
b0d7d1c80e24995b0026a767c801dffe20fbc1fe

SHA256
134ebbbe43702da4ae21472a055bd6af13c39009f30bbf95925510548693b1ff

SHA512
796a264dae595699278e5847c06e473583b7bc5205247989741adfece621f04b7cab1ca1d595a9af92a955f64d995c0511b88cffa912f063b2a31e41066a48b1

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
239KB

MD5
bdee2bcb4bd69b12506034ccd1ae0310

SHA1
58bf8b25c667efe7790f632a40f06894330b31f6

SHA256
b642779fce96f5e404d50b4e12dfb9f2e75669f61314a909b45b389c29165ba0

SHA512
349196177f8f093d048292240165c2471f4477a40956a19e90a6ed1d7c856ddb0b39ab773207c117f7fa186f76e72103e8d36f89ebc457e00b5092d7dde9f710

Download Submit
memory/5080-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/5080-1618-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads