Malware Analysis Report

2025-01-22 20:16

Sample ID 241020-dv7ytsxhpm
Target 0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N
SHA256 0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26
Tags discovery ransomware upx
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score 9/10

SHA256

0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26

Threat Level: Likely malicious

The file 0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4533) files with added filename extension

Renames multiple (3263) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 03:20

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 03:20

Reported

2024-10-20 03:22

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

107s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"

Signatures

Renames multiple (4533) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe

"C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"

Network


Files

memory/3132-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 92060a23fc13eb753e1d1210671f27b7
SHA1 ae703a32c50f877284eb19b0e53e62d0c554dec4
SHA256 b892ea66f0f9f88ce8dbefaa90895e97c7a0025b51c329c481ca2d13274f20e2
SHA512 6e273979a3475cf5fa3cdbc2871c7518808351e28d6a1aaa29aa3251a48ca018051019811d0257180688f341bcf19c972572a3f6f47907f1b75241b80134ec24

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f97935fa44c4d5faec4d0ff2e0ff2ed7
SHA1 470415087b85e6ef594406eef308ee9c56fefbbd
SHA256 0a71ea3ea91af01a7f775d74fb8c9fca3328f185171b182bd1454712f3c54de9
SHA512 0eed5651e73b2dbfae1f73d0b45826bcac282c90f4c2fd1c5143575ba9123d6a3def15fbf54d14da544218ae0d743992d40e5b8faf090b69736d2e84e83a004e

memory/3132-660-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 03:20

Reported

2024-10-20 03:22

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"

Signatures

Renames multiple (3263) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe

"C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"

Network

N/A

Files

memory/2964-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 8fa15639293dedd16c21d86a4598eb43
SHA1 e3c09a9621ea052897e936cf2c6733a2c92e31bc
SHA256 10de1ad806acf509cec9ad95a3809119fa6ff91198c8efab848cce6f77e7a200
SHA512 b5fef76268c39b718ded6a83ff4880365b3eca1905026213f9c4e7138812f3f17424698d9f41104b14d90875859b714e0ab2a60974d722ad32e4e4de3885ac7e

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 43ea3cd25f54c0527c5e147d54652e38
SHA1 0b71ad498ae3ea0f646d1677c880147ce42e1846
SHA256 35be8fd0ad9743935f2fa9536e0ba16efe26ff71cd65f682891f8e9c2b935a5e
SHA512 113dc3b25486c9197d4f4ebcb994a7af55448b35c3e5bf8fa5e192eec34ffc4588b44a1b960fe47bf7fc6903aa07f9d0c3940108006452060c2bb553afecf77c

memory/2964-74-0x0000000000400000-0x000000000040B000-memory.dmp