Malware Analysis Report

2025-01-22 19:54

Sample ID 241016-zp3ykswbpl
Target 9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN
SHA256 9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4b
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

score
9/10

SHA256

9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4b

Threat Level: Likely malicious

The file 9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4614) files with added filename extension

Renames multiple (3254) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-10-16 20:54

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-10-16 20:54
Reported 2024-10-16 20:56
Platform win7-20240903-en
Max time kernel 120s
Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe"

Signatures

Renames multiple (3254) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe

"C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe"

Network

N/A

Files

memory/2232-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 fdf75a39ee567503dd20f5f46408bb0b
SHA1 f99f9faf1e295ac73acac18a0accfb7409d47f25
SHA256 a7372f5d41923344d7a549a22e7362db74eaf8557fe0539c5f9868a66f2312f1
SHA512 7f705c5825b4ae65294070456634fb7b910165e8799105645e83df4786d8d15c524f2cf66bae129ecabc308676c40c00f01e19d1f2142ad6789e4ab87cacb65c

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 553de8ea34ffc755194671757c1d58ba
SHA1 9168a774eb200b84df23dfd4a4ee212bb6dc9656
SHA256 5ecd033d9968fda5d1f4647878f590056842d614c547f33b7c47cbec93e9f2cd
SHA512 c05d67f3f38d8de7f4a5a5a45a2adabe5cbb8615b8a0d47f2805da681bf348829dca47f277ff8a8433c77f6b3088822fc2d6a8f40763eb3973af88de319ff85c

memory/2232-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted 2024-10-16 20:54
Reported 2024-10-16 20:56
Platform win10v2004-20241007-en
Max time kernel 120s
Max time network 106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe"

Signatures

Renames multiple (4614) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe

"C:\Users\Admin\AppData\Local\Temp\9e8bcd7302f9b8b12ba3bf5b863ab9e7ed84588a38b4fe2769439a9bcb6a4a4bN.exe"

Network


Files

memory/972-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 7738fe9e7fe4b235ba76b29805ffb814
SHA1 a959379728748041f1cc870dfd747f3565db6a2b
SHA256 5b4ef6dcad91748815cb57ebd6893a33de82c6f28318df3a141adf6973a9944b
SHA512 cce97aa92d796a53206ae43dc8587611ff06baf6d71e070921735525c42529c4f20a8a1e10ccb6911af61a3715fdaffc6b4958102d5fba376f3bb0bec8970a30

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 33772cccbf0f1a8eda6ffcb47f4a0a42
SHA1 b00dcb7e9f35daa755c6b787574ffb91aa935ccb
SHA256 6f99b02c0707cc7b11451e74e3f3e5e04a7d561f29c2df32e3fffa7ab526f4c9
SHA512 5f4703a7699a812a849575098671315506b2d1db692ca1ee9613717a898befcba6d04bf9b431deb0aaf540f5ead00e4b7cde09b8e8f15c87ff29db343ff13675

memory/972-772-0x0000000000400000-0x000000000040B000-memory.dmp