7f3e30ce66c6c0c7fd8d6ad936f9332ab940f666afae1c1c086d67552afefbd8

Analysis

max time kernel
120s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bd485680b4e434d89fa7effe8069a70N.exe
Size

21KB
MD5

8bd485680b4e434d89fa7effe8069a70
SHA1

9dd304844339ad59b6b112cec055e024337217e8
SHA256

7f3e30ce66c6c0c7fd8d6ad936f9332ab940f666afae1c1c086d67552afefbd8
SHA512

8d1bd390dbd1018409f0182d6db68cb7c626cf36b694b91da0414451b8e4815124b6987637a0c1d5de5ae045adf74c00ab5eef9098ca712dc957e452542acdbf
SSDEEP

384:QOlIBXDaU7CPKK0TIhfJJcbQbf1Oti1JGBQOOiQJhATm+uA+uU5tlua:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJx

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (4633) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2080-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/files/0x00090000000233f7-2.dat	upx
behavioral2/files/0x0014000000022905-6.dat	upx
behavioral2/memory/2080-1116-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\mesa3d.md.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Numerics.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-100.png.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Windows.Forms.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\calendars.properties.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ul-oob.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_OEM_Perp-pl.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsFormsIntegration.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ul-oob.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG.HXS.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Windows.Forms.Primitives.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2native.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\System.Xaml.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Google\Chrome\Application\123.0.6312.106\eventlog_provider.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.onenotemui.msi.16.en-us.xml.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\PresentationFramework.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\UIAutomationProvider.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\giflib.md.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\ReachFramework.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Primitives.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationTypes.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-oob.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ul-oob.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER.XLAM.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Specialized.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Xaml.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationTypes.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.Authorization.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.ResourceManager.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XDocument.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Accessibility.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_KMS_Automation-ppd.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\PresentationFramework.resources.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\javaws.jar.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp	8bd485680b4e434d89fa7effe8069a70N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	8bd485680b4e434d89fa7effe8069a70N.exe

C:\Users\Admin\AppData\Local\Temp\8bd485680b4e434d89fa7effe8069a70N.exe
"C:\Users\Admin\AppData\Local\Temp\8bd485680b4e434d89fa7effe8069a70N.exe"
1⤵
- Drops file in Program Files directory
PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

Filesize
21KB

MD5
7d4e61b83a0651d6844f80a90962dca7

SHA1
8dff196cd97a8623360b9a475b7d258e5d0d2a84

SHA256
4ae6b070fa1487370f09417bab26b3f5a73331ab2b123986959c779952c5a4f7

SHA512
6726d4a1cf7ecd51a3fa041ba2f7742e311f57070f187bf3dc3d9262419d79194bfd538d936c751e19104242b601c7fa52c88c92f712764e139cc5902eb86209

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
120KB

MD5
652668055d370adf17c33f8da4b4f015

SHA1
6e0472685c5808109abafa4f33d309f15ac332f0

SHA256
a414f5d0dc96b82eb4df3e964a8a159a7f50661e90ba563a55c350d2753018d1

SHA512
15e9c0b7477b79addb1ac15563e9efeebb2fdf90bfa84f3301c220c537eac9a3f49299dc19f92c7459db99cda252078bb76387b6bad7f57f0f0c97744d04c060

Download Submit
memory/2080-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2080-1116-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads