Malware Analysis Report

2025-03-15 08:19

Sample ID: 241020-vwpmbascln
Target: 2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN
SHA256: 2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2b
Tags: discovery ransomware upx
Score: 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 9/10

SHA256

2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2b

Threat Level: Likely malicious

The file 2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (3036) files with added filename extension

Renames multiple (4536) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-20 17:20

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 17:20

Reported: 2024-10-20 17:22

Platform: win10v2004-20241007-en

Max time kernel: 120s

Max time network: 103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe"

Signatures

Renames multiple (4536) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es-419.pak.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.contrast-white_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\schemagen.exe.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Configuration\config.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\ARROW.WAV.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.RegularExpressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\gu.pak.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-convert-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Data.SapClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office-client15.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\lpc.win32.bundle.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\icu_web.md.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\7-Zip\Lang\en.ttt.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\classlist.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\local_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-140.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\clrjit.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre-1.8\release.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe

"C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp

Files

memory/1284-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

MD5 c70f907acf103f162d6edaca3d24e734
SHA1 bbdee233bb2d9e0121ea7090e4a7146920c00a6a
SHA256 275554761e2244b57beaf3f3c577b0275378641571cf0d8d0d628a7ca433f76e
SHA512 52e6cabbd7b39cb95f56e45c2d6c75a582b075aefdf3c1b4b7a331b21e63ffa0afee37c9e1cda59c8084226d627bfb4f5291faf9a088e93e40df7a91f7f27a92

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 79430a8f08accfb1d981c1646489f33c
SHA1 16037953e222630f8528924ded0c744aa5ac3eda
SHA256 2c7280f1d24e47461032d8c98d9f88837a8b70e50c2733ad9b83784d58eff725
SHA512 092001b5528dd79bca17350b230ec71667b0faee032ec12597e5a4e83bc95eec28d6885ddefbb2adef47dbc253db10044bff2a0f821b5e9a9883c067f64fa804

memory/1284-715-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 17:20

Reported: 2024-10-20 17:22

Platform: win7-20241010-en

Max time kernel: 120s

Max time network: 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe"

Signatures

Renames multiple (3036) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\ps.txt.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre7\bin\jsdt.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Hobart.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ga\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\7-Zip\Lang\pt.txt.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Port_Moresby.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\7-Zip\Lang\ga.txt.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.IO.Log.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DissolveAnother.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Macau.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Microsoft Games\Mahjong\it-IT\Mahjong.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-nodes.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ff\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Monrovia.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Danmarkshavn.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.widgets_1.0.0.v20140514-1823.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Yekaterinburg.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Minsk.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata_2.2.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\jni.h.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pitcairn.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Mazatlan.tmp C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe

"C:\Users\Admin\AppData\Local\Temp\2fecaa3f8ebfaf9490661bcd326d30b250d00a515518a912bf9148d97d45fb2bN.exe"

Network

N/A

Files

memory/1712-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 ba26b30209405e8402f786423e2963e2
SHA1 556f67d67dba87887dbe89320feccab9dce4cac2
SHA256 2d6caad64b7673c3371d792af915e2ecaaab7e98b0ab3e3930b55c256f555133
SHA512 eba843c2029e3127b7534fd94d141428b2319966accb44b0a7df427b07d5a1e343d516a7575a9f0be2102e85a6c7631eb13d918e6abc858d617fc0675c65fe47

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7dbd90a10912c179c0aad8f9e6846a2c
SHA1 0752d755c8b855c7968f534a50459d6d220ef62c
SHA256 839546ab5e42c741296fbf09f523bfb34777c9379f97fb168b89d97e5fd53e5a
SHA512 f77aa856287769eb4e770c8e2f579b5e66a08683fd3d511d996523b5bdb53fb554e52067540a4917a192d9feb49e7832324fb22923b7a059cb9b14fa4d9bb844

memory/1712-71-0x0000000000400000-0x000000000040A000-memory.dmp