Malware Analysis Report

2025-03-15 08:12

Sample ID 241016-jzsycsvdrk
Target 698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N
SHA256 698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8

Threat Level: Likely malicious

The file 698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4357) files with added filename extension (behavioral2, Windows 10)

Renames multiple (3167) files with added filename extension (behavioral1, Windows 7)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 08:06

Signatures

UPX packed file

upx
Description Indicator Process Target
No per-event indicators recorded (static header-level check)

Unsigned PE

Description Indicator Process Target
No per-event indicators recorded (static header-level check)
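Both static signatures are header-level checks: "UPX packed file" comes from the default section names UPX leaves behind (UPX0/UPX1), and "Unsigned PE" from an empty Security data directory (no embedded Authenticode blob). The script below is an added illustration of how those two checks can be reproduced with a hand-rolled PE header parser; it is not the sandbox's own code, and the PE images it inspects are constructed fixtures built in the script, since the real sample's bytes are not on this page.

```python
"""Static checks reproducing the 'UPX packed file' and 'Unsigned PE' signatures
from a PE's headers. Added example with constructed inputs; not sandbox code."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}  # names UPX writes by default
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory holding the Authenticode blob


def parse_pe(data: bytes) -> dict:
    """Return section names and the Security data-directory size of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff_off = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _, n_sections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    (magic,) = struct.unpack_from("<H", data, opt_off)
    dir_base = 112 if magic == 0x20B else 96  # PE32+ vs PE32 offset of the data directories
    (n_dirs,) = struct.unpack_from("<I", data, opt_off + dir_base - 4)  # NumberOfRvaAndSizes
    sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike the other directories, this VirtualAddress is a raw file offset.
        _, sec_size = struct.unpack_from(
            "<II", data, opt_off + dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_off = opt_off + opt_size
    names = [struct.unpack_from("<8s", data, sec_off + 40 * i)[0].rstrip(b"\0")
             for i in range(n_sections)]
    return {"sections": names, "security_dir_size": sec_size}


def static_signatures(data: bytes) -> list:
    """Mimic the report's two static signatures on a PE byte string."""
    info = parse_pe(data)
    hits = []
    # Default UPX section names. They are trivially renamed by hand or by modified
    # UPX builds, so a miss here does not prove the file is unpacked.
    if any(name in UPX_SECTION_NAMES for name in info["sections"]):
        hits.append("UPX packed file")
    # No embedded Authenticode signature. Catalog-signed Windows binaries also have
    # an empty Security directory, so read this as 'not embedded-signed' only.
    if info["security_dir_size"] == 0:
        hits.append("Unsigned PE")
    return hits


def build_pe(section_names, security_dir_size=0, pe32plus=False) -> bytes:
    """Construct a header-only PE for testing (constructed fixture, not the real sample)."""
    dir_base = 112 if pe32plus else 96
    opt = bytearray(dir_base + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, dir_base - 4, 16)
    struct.pack_into("<II", opt, dir_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if security_dir_size else 0, security_dir_size)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x400 + 0x200 * i, 0, 0, 0, 0, 0x60000020)
        for i, name in enumerate(section_names))
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(static_signatures(build_pe([b"UPX0", b"UPX1", b".rsrc"])))
    print(static_signatures(build_pe([b".text", b".rdata", b".data"], security_dir_size=0x1800)))
```

Two caveats worth carrying into triage: the UPX check keys on names a packer can change, so treat a hit as "packed with stock UPX" and a miss as "no evidence either way"; and an empty Security directory only means the signature is not embedded, since Windows ships many catalog-signed binaries that also score as "Unsigned PE" by this test.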

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 08:06

Reported

2024-10-16 08:08

Platform

win7-20240903-en

Max time kernel

119s

Max time network

117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe"

Signatures

Renames multiple (3167) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
No per-event indicators recorded (static header-level check)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Jerusalem.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\de-DE\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Tongatapu.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\lib\jfluid-server-15.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.IdentityModel.Selectors.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\SwitchTrace.mp2.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-search.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\System\ado\msador15.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nipigon.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre7\bin\instrument.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tunis.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app_1.0.300.v20140228-1829.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\ja-JP\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Macau.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\MST7MDT.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-visual.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_diagonals-thick_20_666666_40x40.png.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jvmstat.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-uisupport.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Games\Purble Place\PurblePlaceMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Blanc-Sablon.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Nauru.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A

Note: this key is read by a large share of benign software during locale initialisation, so on its own it is a low-signal indicator; it is listed here because ransomware families commonly check the system language before encrypting, not because the read itself is suspicious.

Processes

C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe

"C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe"

Network

No network activity observed during the 117 s capture.

Files

memory/2196-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 4336b682fe290aa2536c89839e8646e8
SHA1 1f226fe2685981d3681bf29b107ad8c068bec06a
SHA256 85a5b98c951fe8ebd7ec74689d082617610780ef5eff4f6bec55d677f9d21665
SHA512 0572a8946cdf7ede098f83dafd716f4de91afdcef452f19547c50c95c46a0d20624488f0846fcd72c11cbd348f7c3f23ca123af6014c09a846a2c78c97fde6d3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ce1f96c377f544da8cb324a8f834b54b
SHA1 b3107ecdfd6638adaaefbab5e4d3d7d13c2cf389
SHA256 95a549d6d557d384d5f9ed51fa842803c3d342f7938701836cc24183162dfd31
SHA512 19f3f99aa746eb10e51fba096875b1fbfb1a0073cec361e082e44fddb9302cfc1eef142a940b464054220b499e36cdc6fc4f1f2ca9c704c1140a720d88973141

memory/2196-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 08:06

Reported

2024-10-16 08:08

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe"

Signatures

Renames multiple (4357) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
No per-event indicators recorded (static header-level check)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Constantia-Franklin Gothic Book.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\host\fxr\8.0.2\hostfxr.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.RuntimeInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\id.pak.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\7-Zip\Lang\de.txt.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.Emit.ILGeneration.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\policy\limited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\net.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Office.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Forms.Design.Editors.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate64.exe.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Windows.Controls.Ribbon.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javap.exe.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\mscordaccore_amd64_amd64_7.0.1624.6629.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\lib\ant-javafx.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win7_RTL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libffi.md.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Console.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.StackTrace.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.AdHoc.Excel.Client.Entry.Interfaces.dll.tmp C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A
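Both detonations fire "Renames multiple (N) files with added filename extension" (3167 on Windows 7, 4357 on Windows 10) and list thousands of *.tmp creations across Program Files. The script below is an added example of how that behavioural signature can be reproduced from a rename event stream, counting per process only renames of the form old-name + ".ext" and reporting how many directories were touched; it is not the sandbox's own logic. The events it runs on are constructed: the ".enc" extension, the PIDs and the paths are placeholders (the report does not show the sample's final extension), and the threshold is an assumption to tune per environment.

```python
"""Reproduce the 'Renames multiple files with added filename extension' signature
from a stream of file-rename events. Added example with constructed events; not
the sandbox's own logic."""
import ntpath
from collections import Counter, defaultdict

RENAME_THRESHOLD = 50  # assumption: tune per environment; the report saw 3167 and 4357


def added_extension(src: str, dst: str):
    """Return the extension appended to src to form dst, or None.

    Only a rename of the form <old name> + '.ext' counts, which is what the
    sandbox signature describes; <old>.tmp -> <old> (a rename that removes an
    extension, as an installer does) must not count.
    """
    if not dst.startswith(src):
        return None
    suffix = dst[len(src):]
    if len(suffix) < 2 or suffix[0] != "." or "." in suffix[1:] or "\\" in suffix:
        return None
    return suffix.lower()


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """Group added-extension renames per process; flag processes over threshold.

    events: iterable of {"pid", "image", "src", "dst"}. Returns one finding per
    offending process with the dominant extension and the directory breadth.
    """
    per_proc = defaultdict(Counter)
    dirs = defaultdict(set)
    for ev in events:
        ext = added_extension(ev["src"], ev["dst"])
        if ext is None:
            continue
        key = (ev["pid"], ev["image"])
        per_proc[key][ext] += 1
        dirs[key].add(ntpath.dirname(ev["src"]))  # ntpath: Windows paths on any host
    findings = []
    for (pid, image), exts in per_proc.items():
        ext, count = exts.most_common(1)[0]
        if count >= threshold:
            findings.append({"pid": pid, "image": image, "extension": ext,
                             "count": count, "directories": len(dirs[(pid, image)])})
    return findings


def constructed_events():
    """Constructed event stream: one encryptor-like process, one benign installer."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"  # placeholder image path
    roots = [r"C:\Program Files\7-Zip\Lang", r"C:\Program Files\Java\jre-1.8\lib",
             r"C:\Users\Admin\Documents"]
    events = []
    for i in range(60):
        src = ntpath.join(roots[i % len(roots)], f"file{i:03d}.dat")
        # '.enc' is a placeholder; the report does not show the sample's final extension
        events.append({"pid": 1796, "image": sample, "src": src, "dst": src + ".enc"})
    setup = r"C:\Program Files\Updater\setup.exe"
    for i in range(5):  # a handful of backups: stays below threshold
        src = rf"C:\Program Files\Updater\old{i}.dll"
        events.append({"pid": 4242, "image": setup, "src": src, "dst": src + ".bak"})
    # extension removed, not added: must be ignored
    events.append({"pid": 4242, "image": setup,
                   "src": r"C:\Program Files\Updater\new.dll.tmp",
                   "dst": r"C:\Program Files\Updater\new.dll"})
    return events


if __name__ == "__main__":
    for f in detect_mass_rename(constructed_events()):
        print(f"pid {f['pid']}: {f['count']} files -> *{f['extension']} "
              f"across {f['directories']} directories ({f['image']})")
```

The directory-breadth count is the part worth keeping when porting this to an EDR query: a backup tool appending ".bak" to fifty files in one folder looks different from one process touching Program Files, Java, Office and user documents in the same run, which is the spread the two detonation tables above show.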

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe

"C:\Users\Admin\AppData\Local\Temp\698e8c02a108bd2c61da7d101ceeba20b99b1b890ae4f3c6a94f4d11e787d9d8N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 68.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 88.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Note: the table does not attribute connections to a process. Reverse-DNS (in-addr.arpa) lookups and TLS to g.bing.com / tse1.mm.bing.net are consistent with Windows 10 background traffic rather than with the sample, and the Windows 7 detonation (behavioral1) recorded no network activity at all. Nothing on this page shows the sample contacting a command-and-control host.

Files

memory/1796-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 69f0586896ba1ed0b523a4284663c0f7
SHA1 50419948faf91081cd9e7559ab29001b90176f9f
SHA256 e577e98983bde62f83ef01ae77c2e1b658cddf74b4954b117d40d82bce78f78c
SHA512 7554d06a36fa129e47d38d256bf6e0b8501b30db16481bc1904eb340ba033ec44f595ba2c8fb748765607c630248a63aa920593276774eb51c2a31663d061f5f

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cdd36f02601b2a2dcd2a307b67fef10f
SHA1 854b39ffe71aa46a0052219f874a5d611761ae19
SHA256 ae028ec6ee43530975a34e5762a96a59d2cdd28199a7a68d8637e4936b3255f6
SHA512 879de319be42746f36f9df38e5cd4cadc3af51e90514911b2bd22c2ab67771d85fcb3ecc938d73a43c879e30fa75e069f3ed938e1f845b846c22f00191168343

memory/1796-658-0x0000000000400000-0x000000000040B000-memory.dmp