faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2024 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
Size

81KB
MD5

a8d27954b2f43a632c76d69a7f0542d5
SHA1

95e3e9e07eb829ff1128b03cd0a22ce95bb59a50
SHA256

faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c
SHA512

edc8103537fb4cc7ef320963ef2d940993fc1c049d7098f61e6009de799a2b6861b865f2abb9e7a0244f11e67e1803f454f9263bfffb4c3859da888a5e4cae9c
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2IZ:fnyiQSoDuXuv3Z

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4710) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3672-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
behavioral2/files/0x000b000000023429-2.dat	upx
behavioral2/files/0x0004000000022949-6.dat	upx
behavioral2/memory/3672-1730-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-white_scale-80.png.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.ThreadPool.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mfc140u.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.ProtectedData.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\PresentationUI.resources.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-private-l1-1-0.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_WHATSNEW.XML.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Custom.propdesc.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Extensions.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\v8_context_snapshot.bin.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-pl.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-ul-oob.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.DLL.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-timezone-l1-1-0.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationTypes.resources.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jre-1.8\bin\glib-lite.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\splash.gif.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management\jmxremote.access.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\colorimaging.md.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-pl.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.FileSystem.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\VisualElements\LogoCanary.png.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.Reporting.Common.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Trial-ppd.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART3.BDR.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsoundds.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\COPYRIGHT.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\Client2019_eula.txt.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-ppd.xrm-ms.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libssl-1_1-x64.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Threading.AccessControl.dll.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties.tmp	faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe

C:\Users\Admin\AppData\Local\Temp\faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe
"C:\Users\Admin\AppData\Local\Temp\faa6de8a9efc31c4fcbd6c389df0551b15dac7980fb86c414096a0173c26e28c.exe"
1⤵
- Drops file in Program Files directory
PID:3672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1403246978-718555486-3105247137-1000\desktop.ini.tmp

Filesize
82KB

MD5
a3472baca025b2c55229386ec44b0141

SHA1
d76ecc69f86058d9a26c4f5fab684630f5631cb3

SHA256
60795376810aa655d0175860b91e6f47140f74471f9d4419c8960de2e5a32c87

SHA512
6f558320936f0ea7284cc44002e896657ff8e5ad38d6c361b16be052d9d08b394263196a460a559a918dce38f16aeca2ac7ee76971eaebf4883e4abf3f9be0f3

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
181KB

MD5
b1b0128f9caf77e62428e4c3ece4670a

SHA1
87b53ebce38b887ddde1311dcc9fd1cfd0621987

SHA256
58d3452b37d750d3189df7caddda6b1f0e39dac288e7ec1203d35ca6263243fe

SHA512
b2858457cc8ff7369985c596343a89c7046bf8f9a3192ea2e3369f721da7cd558f4afcaea950e7e22be727519e5d82f4b6660516020ccae28f580af072675097

Download Submit
memory/3672-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3672-1730-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads