Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-jqnmaazfnd
Target 77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N
SHA256 77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6

Threat Level: Likely malicious

The file 77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (1028) files with added filename extension

Renames multiple (5190) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:52

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:52

Reported

2024-10-16 07:55

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

125s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Signatures

Renames multiple (5190) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Network

Country Destination Domain Proto

Files

memory/1844-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 820c9e81e00b93d735be500eca48fb60
SHA1 b772b532b81e54a15e77867ec459e05977fb8854
SHA256 9f21ba3df59558cc630e3eba743572b56ba2a375bf4497e8905ab240f2137d73
SHA512 70950a63c677c66a774618e7f150e58d9ba17e039263caf54c5062e41716ed56a6eec40efd4e2f086a3d99a25fc0b0ca20c1f80015438185f18c89e5f18fc825

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 26edb9e572209dd496bfe8db12b3eedb
SHA1 da4e8b2121d3c948af235cf61ce47a0868be0a7a
SHA256 08a2ff17df683d9ea845d2d8695a51fdf25d9ffe41957abe765fd41437a52ef6
SHA512 489445d1d486e1e82994c2423c0f162c0a4d70ee44f81b455234eb4bc3c08b03aabcfb3b951b37a84065202b6354fecd5409dbda3ed3881fc7e48df27d75c265

memory/1844-787-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:52

Reported

2024-10-16 07:55

Platform

win7-20241010-en

Max time kernel

148s

Max time network

20s

Command Line

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Signatures

Renames multiple (1028) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe

"C:\Users\Admin\AppData\Local\Temp\77b1bd65fff83141f5297cd5cf29bde6d395de6256e7bb0f5a9766c7ce3ea4a6N.exe"

Network

N/A

Files

memory/2328-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 811f0d08eebb41549c983da78b1ae513
SHA1 acdb8b6bd56756f081efce308dcb535c2dc16181
SHA256 5f6045a6b47dce2d14240f181d9e54fe13b2f9faf972619fa980a28c01b1b232
SHA512 560f7e3fd6b6da7b2f193c6987df557cd0d9980649a3a13cf39ef04347f8602d9fca106143700e0c56d975b7e0767a54c0d263ddd49a375226c67a1f358cdf7b

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 1f707e44bb2f2da533f2c4064467c334
SHA1 bdf68d4d27f84869dbc1614b83190b060f425b27
SHA256 4c084d0a512633e05840026b2ca4b778f5f563e33fa764edb20d76b9a3a1c008
SHA512 5de624eccf973cda3cf9c82c945ae49a01c8631fe18b4ce824cbac9c03334a7d3a5cdc7c40d4dae08e68219e41fa15dfa9c9500145c2cf6c897ef7841765b196

memory/2328-20-0x0000000000400000-0x000000000040A000-memory.dmp