Malware Analysis Report

2025-01-22 19:57

Sample ID 241016-wrje6sxgkk
Target 53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN
SHA256 53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54b
Tags discovery ransomware upx
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10
SHA256 53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54b

Threat Level: Likely malicious

The file 53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN was found to be: Likely malicious.

Malicious Activity Summary

Tags discovery ransomware upx

Renames multiple (4633) files with added filename extension
Renames multiple (3222) files with added filename extension
UPX packed file
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-16 18:09

Signatures

UPX packed file
Tags upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Unsigned PE
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 18:09
Reported 2024-10-16 18:11
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe"

Signatures

Renames multiple (4633) files with added filename extension
Tags ransomware

UPX packed file
Tags upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription5-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_PrepidBypass-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\wpfgfx_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\EntityPickerIntl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\loc\AppXManifestLoc.16.en-us.xml.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\eventlog_provider.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\legal\jdk\jcup.md.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription4-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Reflection.Extensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.16.xml.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ku.txt.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Transactions.Local.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest3-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Crashpad\metadata.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond-TrebuchetMs.xml.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\7-Zip\Lang\ms.txt.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.DirectoryServices.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Xml.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\hprof.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Royale.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\CLVWINTL.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.HostIntegration.Connectors.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-math-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Pipes.AccessControl.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-filesystem-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.TransformDataByExample.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\root\Office16\1033\WORD_WHATSNEW.XML.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A

System Location Discovery: System Language Discovery

Tags discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe

"C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe"

Network

Country | Destination | Domain | Proto
US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp
US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp
US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp
US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp
US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp
US | 8.8.8.8:53 | 72.209.201.84.in-addr.arpa | udp
US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp
US | 8.8.8.8:53 | tse1.mm.bing.net | udp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 150.171.28.10:443 | tse1.mm.bing.net | tcp
US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp

Files

memory/3760-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 50337b1d7b3d37471717183777867894
SHA1 d4764f0bd05472b0bfc781a33ad9b21851dd3092
SHA256 455e76d7e2a707b6f65419f6f711ba0c91f7d4cabcdddf2b98ecd7b8d946b590
SHA512 65440fefcf1f1bb0ceb82d1bfd7eb8d0eeb78e5322ec176199e42d0e94549c3e6e0661e29485a1d7a744bc72d02936bf1e58ff110e8c0b3cdc01ef5f1b4af621

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 c360b11102bf5c7a4755a4a47740003c
SHA1 5be4de1533c402097058340d0702462223fd5646
SHA256 b7272ec46b23db75ecddb339dbeb7aca27f4f794ef4250fecc98cbbedd9636c4
SHA512 6384e8f6fe26bd3e29c13211c5345b4380630db8234e449379d5ddb705d5e4d5c6b5bdc0df29a9d17a2f42cec6d72c7399dad8af8f415cbfd09255d0d7fded0d

memory/3760-696-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 18:09
Reported 2024-10-16 18:11
Platform win7-20240708-en
Max time kernel 120s
Max time network 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe"

Signatures

Renames multiple (3222) files with added filename extension
Tags ransomware

UPX packed file
Tags upx
Description | Indicator | Process | Target
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A
N/A | N/A | N/A | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File created | C:\Program Files\VideoLAN\VLC\plugins\demux\libdemuxdump_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Microsoft Games\More Games\fr-FR\MoreGames.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\omni.ja.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-charts.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\features\[email protected] | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-tabcontrol.xml.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Internet Explorer\F12Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\notificationserver.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-startup.xml.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_ja.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\crashreporter.ini.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Tripoli.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Canary.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\javafx-mx.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunmscapi.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\README.txt.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jre7\lib\jfxrt.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\browser\VisualElements\VisualElements_70.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Mozilla Firefox\nss3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\Documentation.url.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\include\jvmti.h.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A
File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A

System Location Discovery: System Language Discovery

Tags discovery
Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe

"C:\Users\Admin\AppData\Local\Temp\53ad0a21391510154adf2aaf2e5574659cdc9e2e516a51cff43ec28cd861d54bN.exe"

Network

N/A

Files

memory/3020-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 85b6de9d8ec9aa9f8d75dfaa26c3f77b
SHA1 51eefe4d4a4a3581d3d87c23aac15069500a0f1e
SHA256 f68def2387ecff9bdc887fea7f846982dc7e5745f4f37a1c7aef7791096b54e1
SHA512 42eb9c7019ab189a4e9174d97c33d37b60628d034a6ab06bdde3f4e1da7f88186a06d72862226e2f8c2616ea891009131fb60c2dc73e2257d579feb6c54c22de

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 58acc625b1392055bf26d1c8ea0479f9
SHA1 ceae9e86283301a3d0eae95a69d43f34f25ee2aa
SHA256 2efdf19739773f8cb8250ec1410dba10af199712171def8be661fb6a538d9d9c
SHA512 ba9fd460c29474c10e8060740a47ad07da02e3ac3bd1e6846259e05d895af9c1bcb6ab9b18cbe4efb747d092132f6f54a50ffde4cadabf1b57e9b3ce77948d71

memory/3020-70-0x0000000000400000-0x000000000040B000-memory.dmp