Malware Analysis Report

2025-03-15 08:27

Sample ID: 241020-yenv8swgmc
Target: 14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N
SHA256: 14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0
Tags: upx discovery ransomware
Score: 9/10

Analysis Overview

Threat Level: Likely malicious

The file 14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N was found to be: Likely malicious.

Malicious Activity Summary

Tags: upx discovery ransomware

Renames multiple (3769) files with added filename extension

Renames multiple (3080) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported: 2024-10-20 19:42

Signatures

UPX packed file (tag: upx)

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 19:42
Reported: 2024-10-20 19:44
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe"

Signatures

Renames multiple (3769) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (tag: discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe

Processes

C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe

"C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe"

Network

N/A

Files

memory/2260-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 1ed58c2a7915510b6a279f666298995c
SHA1 77496c42f01acb446fec7ee8e9f0d12f5933b965
SHA256 e6d63c2ebbd0eb360cdedfc18adcdcc379c5cdfbf7fc99d83f8112a3bdd65502
SHA512 28ab4da40b0ee9888b4479b87fb005c07bf267d7f85e6ca0f82838866fd029aa12bfd296d8549443d938a0b2f054738f97948cb4a6ca537d5cddc64014b5d578

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7a9fb214aa73e7e92bd8622077dec7b7
SHA1 3ad4ebde8734d0f5568300281a845ddc31082ef7
SHA256 d237dde323b5737075b357f06b60d778fad124587c4ab33facd62c23566b77b9
SHA512 93ab40d23cddb8b89fd8c4313dccd702e2a96dc225d9df6e825fce48da0637a6c932258bdddae9d75cd94bc78f1359d8ad1f9adabfb4f3a77a615719bb9fd5a4

memory/2260-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 19:42
Reported: 2024-10-20 19:44
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 151s

Command Line

"C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe"

Signatures

Renames multiple (3080) files with added filename extension (tag: ransomware)

UPX packed file (tag: upx)

Drops file in Program Files directory


System Location Discovery: System Language Discovery (tag: discovery)

Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe

Processes

C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe

"C:\Users\Admin\AppData\Local\Temp\14fa19c2fbb51af8e65e699be1a6cbc5ba2fd7e7dbd0f7a0f99c16a6644b14d0N.exe"

Network


Files

memory/4220-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 39851a05a00bcd93c908caec307f4a53
SHA1 59295c90c3b6a86dfe7bbf03fa6dbba776e19fce
SHA256 f9bcbf83e0815e69cb869f9fc178efc9a9839236ff4ec30af63131246a41b4f8
SHA512 5dd3801ca1657c26ac3ed9b7a00aabbcf20af598f9c219b2ee00e99ba8342a2e752cc897d31c32d06049f37f552d45488c9524d993354eed9fd3fe135c5767bf

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 125272a343ba6ff677b41486aa4bd7db
SHA1 bac9bbfe7ca586c23879caef663f687f301f44cd
SHA256 70b013d49b8f2688a40897ea0ddb94e6636ecb80554c296e2554e8dd26741c95
SHA512 f26d7ccb026a838d5f8d7b0201de345f0fce2741e6b21a536b464093325a64b230d76c21205af656f062005787ab727e78dced29ab3fbd2813c0f9feb46d0bfa

memory/4220-642-0x0000000000400000-0x000000000040B000-memory.dmp