Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-jn39ysvann
Target 77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N
SHA256 77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6

Threat Level: Likely malicious

The file 77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3447) files with added filename extension (behavioral1, Windows 7 run)

Renames multiple (4677) files with added filename extension (behavioral2, Windows 10 run)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15

The rendered matrix was not captured with this page. Mapping the signatures listed above to Enterprise techniques gives:

T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
T1614.001 System Location Discovery: System Language Discovery (NLS\Language key opened)
T1486 Data Encrypted for Impact (ransomware tag; the report shows thousands of renames with an added extension and .tmp files written beside originals, not the encryption itself)

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:49

Signatures

UPX packed file

upx
No indicator rows recorded for this signature.

Unsigned PE

No indicator rows recorded for this signature.
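Both static verdicts above ("UPX packed file" and "Unsigned PE") can be reproduced from the PE headers alone. The following is an added example written for this page, not tooling from the sandbox or code from the sample: it walks the DOS header, COFF header, optional header and section table, flags sections whose names start with UPX or whose raw bytes have high entropy, and reports whether the Authenticode data directory (index 4) is populated. The in-memory image it builds is constructed and not loadable; the 7.0 bits-per-byte threshold and the "name starts with UPX" rule are the example's own assumptions.

```python
import hashlib
import math
import struct
from collections import Counter

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SECURITY_DIR = 4            # IMAGE_DIRECTORY_ENTRY_SECURITY: Authenticode blob
ENTROPY_PACKED = 7.0        # assumed threshold, bits per byte


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: near 8.0 for compressed or encrypted data, ~4-6 for code."""
    if not blob:
        return 0.0
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    # Data directories start 96 bytes into a PE32 optional header (112 for PE32+);
    # NumberOfRvaAndSizes is the DWORD just before them.
    dirs = opt + (96 if magic == PE32_MAGIC else 112)
    n_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    cert_off = cert_size = 0
    if n_dirs > SECURITY_DIR:
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR)
    sections, table = [], opt + opt_size
    for i in range(n_sections):
        name, vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": shannon_entropy(raw)})
    return {"sections": sections, "cert_offset": cert_off, "cert_size": cert_size}


def triage(data: bytes) -> dict:
    """Reproduce the two static verdicts from the parsed headers."""
    pe = parse_pe(data)
    upx = [s["name"] for s in pe["sections"] if s["name"].upper().startswith("UPX")]
    dense = [s["name"] for s in pe["sections"] if s["entropy"] > ENTROPY_PACKED]
    return {
        "upx_sections": upx,
        "high_entropy_sections": dense,
        "packed": bool(upx) or bool(dense),   # names are trivial to rename; entropy is the fallback
        "signed": pe["cert_size"] > 0,        # a blob is present; validity still needs a chain check
    }


def build_sample_pe(section_names, signed: bool) -> bytes:
    """Constructed, non-loadable PE32 image that only exercises the header walk."""
    opt_size = 224                                   # PE32 optional header with 16 directories
    hdr_end = 0x40 + 4 + 20 + opt_size + 40 * len(section_names)
    cursor = (hdr_end + 0x1FF) & ~0x1FF              # first raw section at 512-byte alignment
    padding = cursor - hdr_end
    headers, bodies = [], []
    for idx, name in enumerate(section_names):
        if name.upper() == "UPX1":                   # compressed payload: high entropy
            body, chunk = b"", b"constructed seed"
            while len(body) < 4096:
                chunk = hashlib.sha256(chunk).digest()
                body += chunk
        elif name.upper() == "UPX0":                 # unpack area: no raw data on disk
            body = b""
        else:                                        # plain code/data: 4.0 bits per byte
            body = bytes(range(16)) * 256
        headers.append(struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                   0x1000, 0x1000 * (idx + 1), len(body),
                                   cursor if body else 0, 0, 0, 0, 0, 0x60000020))
        bodies.append(body)
        cursor += len(body)
    cert = b"\0" * 64 if signed else b""             # stand-in for a WIN_CERTIFICATE blob
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)              # NumberOfRvaAndSizes
    if signed:
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, cursor, len(cert))
    image = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40) + b"PE\0\0"
    image += struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    return image + bytes(opt) + b"".join(headers) + b"\0" * padding + b"".join(bodies) + cert


if __name__ == "__main__":
    for label, names, signed in (("upx-like", ["UPX0", "UPX1", ".rsrc"], False),
                                 ("plain", [".text", ".data"], True)):
        print(label, triage(build_sample_pe(names, signed)))
```

A populated security directory only says a signature blob is attached; whether it chains to a trusted root is a separate check (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell). UPX section names can be renamed with a hex editor, which is why the entropy fallback is kept; a genuine UPX binary is confirmed with upx -t and unpacked with upx -d before any further static work.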

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:49

Reported

2024-10-16 07:51

Platform

win10v2004-20241007-en

Max time kernel

119s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Signatures

Renames multiple (4677) files with added filename extension

ransomware

UPX packed file

upx
No indicator rows recorded for this signature.

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe
Target (every row): N/A
64 created files are listed. Each indicator is an existing file's name with .tmp appended, written in the same directory as the original rather than in a staging location.

Description  Indicator
File created  C:\Program Files\Microsoft Office\root\Office16\MSOHEV.DLL.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ppd.xrm-ms.tmp
File created  C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\el.pak.tmp
File created  C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\Logo.png.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-memory-l1-1-0.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Green.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp6-ul-phn.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\VisioStdVL_MAK-ppd.xrm-ms.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created  C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightItalic.ttf.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.scale-80.png.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\prism_sw.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Registry.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp
File created  C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\msotdaddin.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationCore.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\idlj.exe.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\WPFEXTENSIONS.DLL.tmp
File created  C:\Program Files\7-Zip\Lang\en.ttt.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp
File created  C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Paper.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription4-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\Bibliography\Author2XML.XSL.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.CSharp.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Json.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\Graph.exe.manifest.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ppd.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Trial-pl.xrm-ms.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp
File created  C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\as80.xsl.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp
File created  C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\WindowsBase.resources.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\bin\jdb.exe.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll.tmp
File created  C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md.tmp
File created  C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Consolas-Verdana.xml.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp
File created  C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.tmp
File created  C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.tmp
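The two behavioural signatures in this run, "Renames multiple (4677) files with added filename extension" and "Drops file in Program Files directory", are counting rules over the file-event stream. As an added example, not part of the report and not the sandbox's own code, here is the same logic in Python over a constructed event list: a rename counts when the new name is the old name plus exactly one extra extension, a .tmp create under Program Files is counted separately, and the verdict requires both volume and spread across directories. The event tuples, the PIDs, the ".locked" extension and the threshold of 50 are all constructed for the example (the report does not show which extension this sample appends); the three .tmp paths are taken from the table above.

```python
import ntpath
from collections import Counter, defaultdict

RENAME_THRESHOLD = 50       # constructed; the two sandbox runs counted 3447 and 4677
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def added_extension(old: str, new: str):
    """Return the appended suffix (e.g. '.locked') if `new` is `old` plus exactly
    one extra extension, otherwise None (so app.exe.tmp -> app.exe does not count)."""
    if not new.lower().startswith(old.lower() + "."):
        return None
    suffix = new[len(old):]
    if len(suffix) < 2 or "\\" in suffix or "." in suffix[1:]:
        return None
    return suffix


def score_file_events(events):
    """events: iterable of (pid, op, path, new_path), op in {'create', 'rename'}.
    Mirrors 'Renames multiple files with added filename extension' and
    'Drops file in Program Files directory', kept as separate counters."""
    per_pid = defaultdict(lambda: {"renamed": 0, "exts": Counter(),
                                   "dirs": set(), "tmp_in_pf": 0})
    for pid, op, path, new_path in events:
        st = per_pid[pid]
        if op == "rename" and new_path:
            ext = added_extension(path, new_path)
            if ext:
                st["renamed"] += 1
                st["exts"][ext.lower()] += 1
                st["dirs"].add(ntpath.dirname(path).lower())
        elif op == "create":
            low = path.lower()
            if low.startswith(PROGRAM_FILES) and low.endswith(".tmp"):
                st["tmp_in_pf"] += 1
    return {
        pid: {
            "renamed_with_added_extension": st["renamed"],
            "top_extension": st["exts"].most_common(1)[0][0] if st["exts"] else None,
            "distinct_directories": len(st["dirs"]),
            "tmp_in_program_files": st["tmp_in_pf"],
            # volume plus spread: mass renames inside one directory is a backup job, not ransomware
            "ransomware_like": st["renamed"] >= RENAME_THRESHOLD and len(st["dirs"]) > 1,
        }
        for pid, st in per_pid.items()
    }


def constructed_events():
    """Constructed event stream (not from the report): PID 3020 renames 120
    documents across four directories and drops three .tmp files in Program
    Files; PID 4100 behaves like an ordinary installer."""
    dirs = [r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures",
            r"C:\Users\Public\Shared", r"D:\Backups"]
    events = []
    for i in range(120):
        old = dirs[i % 4] + "\\file%d.docx" % i
        events.append((3020, "rename", old, old + ".locked"))
    for dropped in (r"C:\Program Files\7-Zip\7-zip.dll.tmp",
                    r"C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp",
                    r"C:\Program Files\Microsoft Office\root\Office16\csi.dll.tmp"):
        events.append((3020, "create", dropped, None))
    events += [
        (4100, "create", r"C:\Program Files\Contoso\app.exe.tmp", None),
        (4100, "rename", r"C:\Program Files\Contoso\app.exe.tmp", r"C:\Program Files\Contoso\app.exe"),
        (4100, "rename", r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Downloads\setup.exe.bak"),
    ]
    return events


if __name__ == "__main__":
    for pid, verdict in sorted(score_file_events(constructed_events()).items()):
        print(pid, verdict)
```

The installer (PID 4100) is there to show why the two counters stay apart: writing app.exe.tmp under Program Files and renaming it over the old file is exactly what updaters do, and one setup.exe to setup.exe.bak rename is not ransomware, so neither signature should score on its own. On a real host, Sysmon Event ID 11 (FileCreate) supplies the create events, but Sysmon has no rename event, so the rename stream has to come from a minifilter or ETW file I/O provider.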

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe N/A

On its own this is a weak indicator: the NLS\Language key is read by ordinary locale initialisation as well as by malware that checks the victim's language before running, so it should be weighed together with the rename and drop activity above rather than scored separately.

Processes

C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Network

Every row below is either a reverse-DNS lookup through 8.8.8.8 or HTTPS to Bing (g.bing.com, tse1.mm.bing.net). The report attributes none of it to the sample process, and the Windows 7 run (behavioral1) recorded no network activity at all, so treat this as sandbox and OS background traffic rather than command-and-control unless a packet capture ties it to the sample.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.27.10:443 g.bing.com tcp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 75.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/3020-0-0x0000000000400000-0x000000000040A000-memory.dmp
(PID 3020, region 0x400000-0x40A000, 40 KB; 0x400000 is the default 32-bit image base and the small size is consistent with the packed image. The same region is dumped again below later in the run, which is the copy to use for unpacked code.)

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 07dd34d6779a301386bb8d3ff12b3b60
SHA1 8d319f8fba603d8ba5cc91c08233e872aad2fd07
SHA256 9fc447ae7e298e2c2616b70aa7f236a3135ee1ca5f7427bae033e813426c1f78
SHA512 f681ce012442c713064e8d0b899280cd7809f613d028c9d631b3bf959cc33c88581c28f5d569c0e6ed37763c1d054d80b90488500c66a0f6cc253f21d06dd6c2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2816d6c23bef46702422be2a8e7c266e
SHA1 bf32af02fc7be93ba4270e92a98fd7a1458d643e
SHA256 64aee8decae84819b5d96679a163b9d25f07ccb77ee26b9bb7dbc49b6bdcbb1c
SHA512 d55840a7162a66431e6c72ee30ec44094b848b12e19502304a01f9eaab8366276793f8ebb37f812cdca8bcfb726b5106e8d4ee492cab7a67aca111a5542c6681

memory/3020-790-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:49

Reported

2024-10-16 07:51

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Signatures

Renames multiple (3447) files with added filename extension

ransomware

UPX packed file

upx
No indicator rows recorded for this signature.

Drops file in Program Files directory

Process (every row): C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe
Target (every row): N/A
64 created files are listed. As in the Windows 10 run, each indicator is an existing file's name with .tmp appended, written in the same directory as the original.

Description  Indicator
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll.tmp
File created  C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.SF.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Utilities.v3.5.resources.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-threaddump.xml.tmp
File created  C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp
File created  C:\Program Files\Microsoft Games\Minesweeper\es-ES\Minesweeper.exe.mui.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Client.resources.dll.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Entity.Design.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\visualization\libglspectrum_plugin.dll.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp
File created  C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp
File created  C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\locale\sm\LC_MESSAGES\vlc.mo.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-7.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Luis.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp
File created  C:\Program Files\Microsoft Office\Office14\Custom.propdesc.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.compatibility.state.nl_zh_4.4.0.v20140623020002.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-options.xml.tmp
File created  C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\feature.xml.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\deployed\jdk15\windows-amd64\profilerinterface.dll.tmp
File created  C:\Program Files\Java\jre7\lib\security\java.security.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Argentina\Tucuman.tmp
File created  C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\win7.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\plugin.xml.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Mexico_City.tmp
File created  C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp
File created  C:\Program Files\Mozilla Firefox\Accessible.tlb.tmp
File created  C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Web.Entity.Design.Resources.dll.tmp
File created  C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll.tmp
File created  C:\Program Files\7-Zip\Lang\sw.txt.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_zh_CN.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Argentina\Catamarca.tmp
File created  C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe.tmp
File created  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-nodes_zh_CN.jar.tmp
File created  C:\Program Files\Java\jre7\lib\zi\America\Iqaluit.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Network

N/A (no connections recorded during this run's 16 s network window)

Files

memory/2148-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 65488e46a0706d6b113f8fb75e91e9ef
SHA1 af40c7c2e025b3e86dc490ac749b54ce51df7e7c
SHA256 0059a55e8752a21af8a08b5e186711ae86b51d660f4b419d4744ebd8895fe65c
SHA512 d85b6de867e2430f010d0aa03caf4f7f4150a962829774caccfc1a46786831246f5937dd15cd4573eee2b373de76ca13f5344e99ca9609e01fdff1c9220b356e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 2726a4a214d423a5afa08b30fdc9b4a8
SHA1 a304c75cbaed15b2a6565d9ea9f798db92852b47
SHA256 edad8d32b595fb2e5dcf2ef0a802222e7498003333ae1bdef811597847ec862e
SHA512 d9432e927b25a86075307444ecf92697cecb7cfde3b1de4d06d1be4f404578e3d8d02be2b93a037d753d31b56439ac4ccfffea7531d1fbb17b4660b7b92303d1

memory/2148-75-0x0000000000400000-0x000000000040A000-memory.dmp