Malware Analysis Report

2025-01-22 19:56

Sample ID 241016-wtqx2axhkl
Target 9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN
SHA256 9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109b
Tags
discovery ransomware upx
score
9/10

Analysis Overview

score
9/10

SHA256

9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109b

Threat Level: Likely malicious

The file 9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4647) files with added filename extension

Renames multiple (3201) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 18:13

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 18:13

Reported

2024-10-16 18:15

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

105s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe"

Signatures

Renames multiple (4647) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe

"C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 75.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 23.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/5028-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 04e12070209cfcd77a4eed42dbfd7c7f
SHA1 c0d1f9f3f818a37b653e858f2fadfa89ff83b2da
SHA256 1226efc1181137cf2f5bd6fe6458fa0540c8fea996c9fcf7f43b4f56085ed8a8
SHA512 52f7216ac689337eac5cb6b70d37e93e26ad93e0d781a932c477ee7131c7fb0476dbaf7c6e2d6142b4b90a860ae850a295fd32d58332513e57281395bb5f412c

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e58064c8235bbb01b92cec587019838c
SHA1 4a018f84cdf2de5824bb474755b8d7e67d0115ab
SHA256 379013577d68485d3fab34a9d3f3435e2ac83b5d64ffd952d7643189b01bb1f0
SHA512 21a95f73af0429aae3b62753bb072156b057de54d10eca2a063145c9bbebb2f796ed057d333eb7d51bacb5b8611a3dab6164081b01262278afcf747b9ebc1a98

memory/5028-785-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 18:13

Reported

2024-10-16 18:15

Platform

win7-20241010-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe"

Signatures

Renames multiple (3201) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe

"C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe"

Network

N/A

Files

memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 b5cdf2f7df864ebbef31a9576a545421
SHA1 073897c0643291ea4f6aba309bff242e29a46d78
SHA256 60778778bfc94f9e72d0142277640352791269deb1501e440c865e2e11099759
SHA512 1deb3441c7ced6798532462be7e639cba5beefc17177b8b0e81366f05640be4b9462ffce706bd1c451f6354e99e0b95113ba0a599c096496a0c13fc875bb8247

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f4688634eced7141678949206092ccc5
SHA1 9dc2bbb086536b332d7ccf2bf800012a05cb654a
SHA256 5453019989702571c3eac4339205f98e02544dcca39c7dc7ff96fc52225ebcd8
SHA512 77c624f31f70de868f25056f1f17183fc2d5bd5f666956c51fab981225c860d26b5c06aae7d92110209780b5c9940d83582627df40b39ead6bd81ec87063cf85

memory/1700-69-0x0000000000400000-0x000000000040A000-memory.dmp