Malware Analysis Report

2025-01-22 20:37

Sample ID 241019-28w1gsvema
Target 83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281
SHA256 83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281

Threat Level: Likely malicious

The file 83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281 was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3483) files with added filename extension (behavioral1, win7-20241010-en)

Renames multiple (5037) files with added filename extension (behavioral2, win10v2004-20241007-en)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 23:15

Signatures

UPX packed file

upx
Description Indicator Process Target
(1 match, no indicator details recorded)

Unsigned PE

Description Indicator Process Target
(2 matches, no indicator details recorded)
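Both static1 signatures, UPX packed file and Unsigned PE, can be reproduced from the PE headers alone. The script below is an added example written for this page, not the sandbox's own signature code: it parses the DOS/COFF/optional headers with struct, lists section names (UPX leaves UPX0/UPX1), searches for the UPX! pack header as a second signal because section names are trivially renamed after packing, and reads data directory 4 (the Authenticode certificate table) to decide "unsigned". Presence of a certificate table is not validity; a real verdict needs the chain verified with signtool, osslsigncode or WinVerifyTrust. build_demo_pe constructs a header-only PE32 skeleton for testing; it is not the sample and not runnable as an executable.

```python
"""Static checks behind the report's 'UPX packed file' and 'Unsigned PE' signatures.
Added example: a minimal PE header parser, not the sandbox's own signature code."""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # data directory slot holding the Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Read just enough of the headers to list section names and find the certificate table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at optional-header offset 96
        n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
        dirs = opt + 96
    elif magic == 0x20B:      # PE32+: the 8-byte ImageBase shifts the layout by 16
        n_dirs = struct.unpack_from("<I", data, opt + 108)[0]
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    cert_off = cert_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # For the security directory the first field is a file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    table = opt + size_opt
    names = []
    for i in range(num_sections):
        raw = struct.unpack_from("<8s", data, table + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("latin-1"))
    return {"sections": names, "cert_offset": cert_off, "cert_size": cert_size}


def is_upx_packed(data: bytes) -> bool:
    """UPX leaves UPX0/UPX1 section names and a 'UPX!' pack header. Names can be edited
    after packing, so the marker search is kept as a second signal."""
    info = parse_pe(data)
    by_name = any(n.upper().startswith("UPX") for n in info["sections"])
    by_marker = b"UPX!" in data
    return by_name or by_marker


def is_signed(data: bytes) -> bool:
    """True if a certificate table is present. Presence is not validity: verify the chain
    separately (signtool verify /pa, osslsigncode verify, or WinVerifyTrust)."""
    info = parse_pe(data)
    return info["cert_offset"] != 0 and info["cert_size"] != 0


def static_signatures(data: bytes) -> dict:
    """The two report signatures this script can reproduce from headers alone."""
    return {"UPX packed file": is_upx_packed(data), "Unsigned PE": not is_signed(data)}


def build_demo_pe(section_names, cert_size=0, upx_marker=False) -> bytes:
    """Constructed PE32 header skeleton for testing (not an executable, not the sample)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 92, 16)            # NumberOfRvaAndSizes
    table_end = e_lfanew + 4 + 20 + size_opt + 40 * len(section_names)
    if cert_size:
        # Point the certificate directory at the trailing bytes (placeholder, not a real WIN_CERTIFICATE).
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, table_end, cert_size)
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("latin-1"), 0, 0, 0, 0, 0, 0, 0, 0, 0) for n in section_names
    )
    tail = (b"UPX!" if upx_marker else b"\0\0\0\0") + b"\0" * 12
    return dos + b"PE\0\0" + coff + bytes(opt) + sections + tail


if __name__ == "__main__":
    import sys
    # Usage against a real file (filename assumed):  python pe_triage.py sample.exe
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_demo_pe(["UPX0", "UPX1", ".rsrc"], upx_marker=True)
    print(parse_pe(blob)["sections"], static_signatures(blob))
```

For a packed sample like this one, the next step is usually `upx -d` on a copy to recover the original PE before any string or import analysis; if the packer was modified, upx refuses and the unpacked image has to be dumped from memory instead, which is what the memory/*-0x400000-0x40A000 dumps listed under Files are for.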

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 23:15

Reported

2024-10-19 23:18

Platform

win10v2004-20241007-en

Max time kernel

149s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe"

Signatures

Renames multiple (5037) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
(4 matches, no indicator details recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32ww.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jsse.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PEOPLEDATAHANDLER.DLL.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jopt-simple.md.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.PPT.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.Tasks.Parallel.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.WindowsDesktop.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Internet Explorer\iediagcmd.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\LINEAR_RGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcp120.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Resources.pri.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Internet Explorer\ExtExport.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_ViewOnly_ZeroGrace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Registry.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\serialver.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-multibyte-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
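The two behaviours the signatures above describe, a burst of *.tmp creations under C:\Program Files and a large number of renames that append an extension (5037 on the win10 image, 3483 on win7; the difference tracks the two images' file populations, compare the Program Files paths in the two tables), are the file-system pattern most ransomware detections key on. The detector below is an added example over constructed events, not the sandbox's signature code: it counts per-process renames where the new name is the old name plus one more ".ext", uses a sliding time window so a slow legitimate process does not trip it, and separately counts the .tmp staging writes. The report does not show which extension the sample appends; ".locked" in the constructed log is a placeholder, and pid 1232 is only borrowed from the report's memory dump names.

```python
"""Detection logic for 'Renames multiple (N) files with added filename extension' and the
burst of *.tmp creations under C:\\Program Files. Added example over constructed events;
not the sandbox's own signature code."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class FileEvent:
    ts: float            # seconds since detonation start
    pid: int
    op: str              # "create" or "rename"
    path: str
    new_path: str = ""   # only for renames


def added_extension(old: str, new: str):
    """Return the suffix appended to `old` if `new` is `old` plus one more '.ext', else None."""
    if new.startswith(old) and len(new) > len(old) and new[len(old)] == ".":
        return new[len(old):]
    return None


def detect_rename_burst(events, threshold=100, window_s=60.0) -> dict:
    """Flag any pid that renames >= threshold files by appending an extension within window_s.
    Returns {pid: (peak_count_in_window, {extensions_used})}."""
    per_pid = defaultdict(list)
    for ev in events:
        if ev.op != "rename":
            continue
        ext = added_extension(ev.path, ev.new_path)
        if ext is not None:
            per_pid[ev.pid].append((ev.ts, ext))
    hits = {}
    for pid, renames in per_pid.items():
        renames.sort()
        start, peak = 0, 0
        for end in range(len(renames)):           # sliding window over sorted timestamps
            while renames[end][0] - renames[start][0] > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[pid] = (peak, {ext for _, ext in renames})
    return hits


def tmp_drops_in_program_files(events) -> int:
    """Count *.tmp creations under Program Files, the staging pattern the report tables show."""
    return sum(
        1 for ev in events
        if ev.op == "create"
        and ev.path.lower().startswith("c:\\program files")
        and ev.path.lower().endswith(".tmp")
    )


def constructed_events():
    """Synthetic log: pid 1232 stages 150 files as X.tmp and renames X to X.locked
    ('.locked' is a placeholder, the report does not show the real extension).
    pid 4711 is a benign one-off rename for contrast."""
    events = []
    for i in range(150):
        src = rf"C:\Program Files\Demo\file{i}.dll"
        events.append(FileEvent(ts=i * 0.2, pid=1232, op="create", path=src + ".tmp"))
        events.append(FileEvent(ts=i * 0.2 + 0.1, pid=1232, op="rename", path=src, new_path=src + ".locked"))
    events.append(FileEvent(ts=5.0, pid=4711, op="rename",
                            path=r"C:\Users\Admin\report.docx", new_path=r"C:\Users\Admin\report.docx.bak"))
    return events


if __name__ == "__main__":
    evs = constructed_events()
    print(detect_rename_burst(evs), tmp_drops_in_program_files(evs))
```

On a live host the same logic runs over Sysmon Event ID 11 (FileCreate) for the .tmp writes; plain renames are not logged by Sysmon, so the rename count needs an EDR file-event feed or a minifilter, which is why the .tmp staging count is the more portable of the two signals.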

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe

"C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
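This table shows only DNS to 8.8.8.8 and TLS to two Bing hosts, and the report does not attribute any row to the sample's process; the win7 run (behavioral1) recorded no network activity at all. g.bing.com and tse1.mm.bing.net are typical of a Windows 10 image's own background traffic, and the in-addr.arpa rows are the host reverse-resolving addresses it was already talking to, so they encode peer IPs that never appear as destinations. The script below, added here and not part of the report, splits the table into forward lookups, PTR lookups and direct connections and recovers those peer IPs; NETWORK_ROWS is copied from the table above, everything else is written for this example. Run the recovered addresses through whois/ASN lookup before reading anything here as C2.

```python
"""Decode the sandbox network table: forward lookups, PTR (reverse) lookups and direct
connections, plus the peer IPs the PTR names encode. Added example; NETWORK_ROWS is
copied from the behavioral2 table, the rest is written here."""
import ipaddress

NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp
"""


def ptr_to_ip(name: str):
    """'10.27.171.150.in-addr.arpa' -> '150.171.27.10'. PTR names list the octets reversed."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    ip = ".".join(reversed(octets))
    ipaddress.ip_address(ip)          # raises ValueError on malformed octets
    return ip


def summarize(rows: str) -> dict:
    """Classify each row: udp/53 rows are lookups (PTR or forward), everything else a connection."""
    direct, forward, reverse = set(), set(), {}
    for line in rows.splitlines():
        if not line.strip():
            continue
        _country, dest, domain, proto = line.split()
        ip, port = dest.rsplit(":", 1)
        if port == "53" and proto == "udp":
            rip = ptr_to_ip(domain)
            if rip:
                reverse[domain] = rip
            else:
                forward.add(domain)
        else:
            direct.add((ip, int(port), domain, proto))
    return {"direct": direct, "forward_lookups": forward, "reverse_lookups": reverse}


def unexplained_peers(summary: dict, resolver: str = "8.8.8.8") -> set:
    """IPs the host reverse-resolved but never connects to anywhere in the table.
    These are the addresses to check against whois/ASN data before calling anything C2."""
    seen = {ip for ip, _, _, _ in summary["direct"]} | {resolver}
    return {ip for ip in summary["reverse_lookups"].values() if ip not in seen}


if __name__ == "__main__":
    s = summarize(NETWORK_ROWS)
    print("direct:", sorted(s["direct"]))
    print("forward lookups:", sorted(s["forward_lookups"]))
    print("peers seen only via PTR:", sorted(unexplained_peers(s), key=ipaddress.ip_address))
```

Of the eleven PTR names, only 8.8.8.8 and 150.171.27.10 (the tse1.mm.bing.net destination) correspond to rows in the table; the other nine addresses are traffic the host sent that the table does not otherwise record.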

Files

memory/1232-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 8d0579eb9665fb5366a6c4ec41df98b7
SHA1 07002c0cecca19d2bffb3b851acc9fe8df19dcdf
SHA256 6eb2e2245eed0333d8accb441de22890da8fbd5d2a8a3f0732462439c0c81569
SHA512 5086c40277f6b284e3e35e6b208c2d0a6311c101355a55e295ce900f7b876eb5117e4db61b7d1201c2da68c3a535121d46210e2ab31b8d6c583fda8b4b63f8d2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e11324d42fe7dce3ae6bb8455eed8372
SHA1 dcd06d6a45cf04d0cb3debb9970acc8658444fbf
SHA256 232d24ac43226d23f05c443fab82530dcd1f0aa7c10b4a7072e02e6211baa83c
SHA512 b78755c07a6c6ca1d306e9ec087cbe69892123bfc530bda34f739e7f99b9a15f87032c943c2fdc580d577859d4e1ed34e21fefb7c5bb7ff0e5e7b06e9da354c4

memory/1232-782-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 23:15

Reported

2024-10-19 23:18

Platform

win7-20241010-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe"

Signatures

Renames multiple (3483) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
(4 matches, no indicator details recorded)

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Microsoft Games\More Games\en-US\MoreGames.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_stats_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Mozilla Firefox\pingsender.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile16.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_fr.properties.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_corner_bottom_right.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-utilities_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-core-kit.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.jpg.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\gtkHandle.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_ts_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\library.js.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre7\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\HST.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\about.html.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\cpu.css.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\pause_rest.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Thimphu.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.components.ui_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\diagnostic-command-16.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-settings_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Mozilla Firefox\browser\features\[email protected] C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Journal\jnwmon.dll.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\VideoLAN\VLC\NEWS.txt.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Common Files\System\ado\msado21.tlb.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\La_Paz.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe

"C:\Users\Admin\AppData\Local\Temp\83b4fa39856bb941f4c6057f912f653bd8c7fe0ffd1df5d615c9bec23c5e6281.exe"

Network

N/A

Files

memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 f476d199bd8855d15b2d8fcdf4750deb
SHA1 e83904fc1946a8f1b82b0ddce6b2c23f0e14eecc
SHA256 775873d9c782a61a7ed2b1996b7cc7ec7b4ea14e15b9b2e34a25443374a0a40e
SHA512 5f34da1842ade8e4534d8fede6f16e91783e354c99efce2937c1f6d858929c211507d658559469dc6d03ea52d20900dc0d0e2a3982cff2c7fd733278eaee2d33

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ed0e2d3b69042f28d025946540f2d344
SHA1 e9b777ecafda8db40a64ed41f794f2b6a0cf7e95
SHA256 224b458b7cb18f515b2505e25a29dbdb1138f0c43cfa399b746c940ef4362a66
SHA512 45862a02798a4c3cc3128dfeb78e860544430bc88ed8b6e697937a1aeb7d020bbfc24f9c4d0ce56e90088efbf877152d5caa531e6c97c13051d5b9b04ae8fc68

memory/2384-70-0x0000000000400000-0x000000000040A000-memory.dmp