1aaa253dacfedac31bea9e14438ecfa59c2bcbd273fc0cd793e30edc97ad0685

Analysis

max time kernel
120s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
Size

86KB
MD5

d7ff8f49d4890c8cfa07db786f1c9cc0
SHA1

deadf04a260c033269b6db25a85f685804650299
SHA256

1aaa253dacfedac31bea9e14438ecfa59c2bcbd273fc0cd793e30edc97ad0685
SHA512

63fdb1d0ddc12b04526cdf5c6cc0f24530a18343d9d05a6d0a52cd0915e2e57891020afcb7142819c94cade7024c00bd8c707f26c4ee45d87e9e643722a6b2e4
SSDEEP

1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8jsfEiKpqbr:enaypQSoTEi5

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4637) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4716-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023478-2.dat	upx
behavioral2/files/0x0014000000022912-6.dat	upx
behavioral2/memory/4716-1808-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ppd.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ppd.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Grace-ppd.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT_F_COL.HXK.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelTellMeOnnxModel.bin.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.CSharp.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Printing.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\dom.md.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Xaml.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationTypes.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-pl.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\APPLAUSE.WAV.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsBase.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\plugin.jar.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationFramework.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-interlocked-l1-1-0.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-phn.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root-bridge-test.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Extensions.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\include\jni.h.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\GRAPH.ICO.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\ReachFramework.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.Primitives.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\el.pak.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ul-phn.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Forms.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ppd.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\System.Windows.Input.Manipulations.resources.dll.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\pt-BR\msipc.dll.mui.tmp	d7ff8f49d4890c8cfa07db786f1c9cc0N.exe

C:\Users\Admin\AppData\Local\Temp\d7ff8f49d4890c8cfa07db786f1c9cc0N.exe
"C:\Users\Admin\AppData\Local\Temp\d7ff8f49d4890c8cfa07db786f1c9cc0N.exe"
1⤵
- Drops file in Program Files directory
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp

Filesize
86KB

MD5
a59d727141b4fb4bd7c2948bc9cac329

SHA1
3a19c4e599db1297554bc318ceb77189a03b626f

SHA256
80dcb85a0a92cd787e357e943da0babb44478464794a6dc6a64302a1184221c3

SHA512
33508f5392982361d9f0c1b93e03f213f9909fa0a528b36711b2a3cd5ebc540d9f01329a23a8a040481201dea8317dceecb805f9855d11b50a0c11d87603681e

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
185KB

MD5
32303a7699467606d1e92e587aa1b3e3

SHA1
fc2462a41c18d5bb9d2242ad0296415681fa4d02

SHA256
ef3822695ba0b31e2a24a3a944d14db4095139b3e44caed10bc3dcabb7f56499

SHA512
4a2fd0e846da6215220cbf7c19437267cc05916168832426845ed15503ce1a4f843c193ec1f927095ff11869218de9e009fe0c1516ecc0e207352bb9b544afa9

Download Submit
memory/4716-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4716-1808-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads