f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 04:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
Size

79KB
MD5

598d7e1b5ff55feb8a586a072e9d0fa3
SHA1

57f6def6475cd02616cee102049c17af1f1c5627
SHA256

f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02
SHA512

fe69644496f039706bac1b80bbbe60d5575ff9cc60c637a424d3f411b5ea61c4974101540d37735f08e2ae3209c22125052e6e498c6a0d9a80eca2e3ec0ea21d
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2It:fnyiQSoDuXuv3t

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4647) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4924-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x0009000000023476-2.dat	upx
behavioral2/files/0x001400000002292d-6.dat	upx
behavioral2/memory/4924-1710-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Principal.Windows.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Retail-ppd.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.ZipFile.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\pt-PT.pak.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ul-oob.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-oob.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-100.png.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.Watcher.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.DirectoryServices.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-heap-l1-1-0.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Ping.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ppd.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-pl.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Emit.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\UIAutomationClientSideProviders.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\ReachFramework.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as90.xsl.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.resources.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jawt_md.h.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XmlSerializer.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\es\msipc.dll.mui.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\.version.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Primitives.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\bn.pak.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ul-oob.xrm-ms.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Diagnostics.PerformanceCounter.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe

C:\Users\Admin\AppData\Local\Temp\f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe
"C:\Users\Admin\AppData\Local\Temp\f208d7c7ff075d680b42a84c16c5c7e8eaed2a8e5e370b90b87d5029a86ffb02.exe"
1⤵
- Drops file in Program Files directory
PID:4924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp

Filesize
79KB

MD5
4196f26c7fbe8f0c403a1db2f4f9d720

SHA1
5c656f5f065c937b2e37e68e58e519814608fda7

SHA256
f1916a4e85c06383a7b2d035e923bc16bfb9f25101ef1224a73f7b4e9e6cabcc

SHA512
b8ebd6cc29958ca4b5497741a72139a3c338aa66b8ee9b293b00d314ba81a34ba213844441ce704a51714845a95ca234d1e6ecd7a665fc12041086f91b9026c4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
178KB

MD5
328f5e746775af2e07357bf85b9038ec

SHA1
d23458d3e7cdb0fc85d4fc8312986c4bed6fe8b9

SHA256
fae5b6c812410e9dfe1e76cfe7963077503e071e8e50411bfb254247259d9728

SHA512
cedc3b2788c0310e62c227a36776c385efdb497e66ee7e37be47229af814f265df36d0563cbbe991d0ba37942edfac52c725d8491a55668b38a62d10e31b72f9

Download Submit
memory/4924-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4924-1710-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads