Malware Analysis Report

2025-03-15 08:28

Sample ID 241020-yml2lsyfmk
Target e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN
SHA256 e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feade
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
9/10

SHA256

e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feade

Threat Level: Likely malicious

The file e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (4371) files with added filename extension (behavioral2, Windows 10 run)

Renames multiple (2911) files with added filename extension (behavioral1, Windows 7 run)

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Enterprise Matrix V15. The sandbox output left this section empty; the mapping below was added by the editor from the signatures in this report, not produced by the sandbox:

T1027.002 Obfuscated Files or Information: Software Packing (signature "UPX packed file")
T1614.001 System Location Discovery: System Language Discovery (signature "System Location Discovery: System Language Discovery", NLS\Language key opened in both behavioral runs)
T1486 Data Encrypted for Impact (inferred from the "ransomware" tag and the mass .tmp writes and renames across Program Files; the report records the file activity, not the encryption itself)

Analysis: static1

Detonation Overview

Reported

2024-10-20 19:54

Signatures

UPX packed file

upx
(no indicator details recorded)

Unsigned PE

(no indicator details recorded)
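
Both static1 signatures can be reproduced offline from the PE headers alone: UPX leaves its section names in place unless the operator renames them, and an unsigned PE has an empty Security data directory. The following is an added example, not the sandbox's own detection logic and not code from the sample; it parses the section table and the Security directory with the standard library only, and the PE it runs on is constructed by build_demo_pe, so no sample file is needed.

```python
"""Static triage for the two static1 signatures ("UPX packed file", "Unsigned PE").

Added example, not sandbox or sample code. It reads the PE headers directly with
struct (no pefile dependency) and is exercised on a constructed minimal PE32
image, not on the sample from this report.
"""
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # data-directory slot of the Authenticode certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_pe(data: bytes) -> dict:
    """Return machine type, section names and the Security directory (offset, size)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # PE32: NumberOfRvaAndSizes at +92, directories at +96; PE32+: +108 / +112
    if magic == PE32_MAGIC:
        ndirs_off, dirs_off = 92, 96
    elif magic == PE32PLUS_MAGIC:
        ndirs_off, dirs_off = 108, 112
    else:
        raise ValueError(f"unknown optional header magic 0x{magic:x}")
    ndirs = struct.unpack_from("<I", data, opt + ndirs_off)[0]
    security = (0, 0)
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from(
            "<II", data, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    # The section table follows the optional header; each header is 40 bytes, name first
    table = opt + opt_size
    names = []
    for i in range(nsections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return {"machine": machine, "sections": names, "security": security}


def triage(data: bytes) -> dict:
    """Flag UPX section names and the absence of an embedded Authenticode blob."""
    info = parse_pe(data)
    return {
        "sections": info["sections"],
        "upx_sections": any(n.upper().startswith("UPX") for n in info["sections"]),
        # The Security directory points at the WIN_CERTIFICATE blob; size 0 means unsigned.
        # Presence only says a signature is embedded, not that it verifies.
        "has_authenticode": info["security"][1] > 0,
    }


def build_demo_pe(section_names, cert_size=0) -> bytes:
    """Constructed minimal PE32 (headers only, no code) for exercising the parser."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                                        # 96-byte PE32 header + 16 directories
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 92, 16)                         # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     0x1000 if cert_size else 0, cert_size)
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32) for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


if __name__ == "__main__":
    print(triage(build_demo_pe(["UPX0", "UPX1", ".rsrc"])))             # packed, unsigned
    print(triage(build_demo_pe([".text", ".rdata"], cert_size=0x800)))  # signed look-alike
```

Two caveats when applying this to a real sample: section names are trivial to rename, so pair the name check with per-section entropy or the UPX marker strings in the trailer, and an embedded certificate is not a valid one; validity needs WinVerifyTrust (signtool verify /pa, or Get-AuthenticodeSignature in PowerShell). Unpack with upx -d before looking at strings or imports, since the packed image shows only the stub's.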

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 19:54

Reported

2024-10-20 19:56

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

106s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe"

Signatures

Renames multiple (4371) files with added filename extension

ransomware

UPX packed file

upx
(no indicator details recorded)

Drops file in Program Files directory

Description Indicator Process Target
(Process is the sample executable C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe and Target is N/A for every row below; only Description and Indicator are listed.)
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp
File created C:\Program Files\Java\jre-1.8\legal\jdk\jopt-simple.md.tmp
File created C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_Grace-ul-oob.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Models.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\UIAutomationClientSideProviders.resources.dll.tmp
File created C:\Program Files\Internet Explorer\ieinstal.exe.tmp
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue Green.xml.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\EXCEL_K_COL.HXK.tmp
File created C:\Program Files\Microsoft Office\root\Office16\1033\OMICAUTINTL.DLL.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Primitives.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\vcruntime140_cor3.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_OEM_Perp-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-oob.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\UIAutomationProvider.resources.dll.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.ConnectionUI.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.Win32.Primitives.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Globalization.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\WindowsFormsIntegration.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\PresentationCore.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Input.Manipulations.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\UIAutomationClientSideProviders.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemXml.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookVL_MAK-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.AddinTelemetry.dll.tmp
File created C:\Program Files\Java\jre-1.8\lib\content-types.properties.tmp
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp
File created C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Microsoft.WindowsDesktop.App.deps.json.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ko\Microsoft.VisualBasic.Forms.resources.dll.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationCore.resources.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Royale.dll.tmp
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader_icd.json.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-pl.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-convert-l1-1-0.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.Expressions.dll.tmp
File created C:\Program Files\Java\jdk-1.8\bin\jstat.exe.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-convert-l1-1-0.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp
File created C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md.tmp
File created C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.Common.dll.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-phn.xrm-ms.tmp
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp3-ul-phn.xrm-ms.tmp
File created C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.tmp
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.Extensions.dll.tmp
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\PresentationFramework.resources.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe

"C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe"

Network

Everything in this table is reverse (PTR) DNS to 8.8.8.8 plus HTTPS to tse1.mm.bing.net, which is consistent with Windows 10 background activity in the analysis VM rather than traffic from the sample; no destination here is tied to PID 2732 by the report, and the Windows 7 run (behavioral1) recorded no network activity at all. Treat these as indicators of nothing unless a process-level capture attributes them to the sample.

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 107.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 101.11.19.2.in-addr.arpa udp
US 8.8.8.8:53 98.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 99.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.27.171.150.in-addr.arpa udp

Files

The two memory dumps cover PID 2732 (the sample process) over 0x00400000-0x0040B000, a 44 KB region at the default image base, consistent with a small UPX-packed executable. The .tmp entries are files written by the sample next to existing ones (the original name, extension included, is still visible under the appended .tmp); the hashes are of the .tmp files as written, not of the originals.

memory/2732-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 850d8c505fa01f8ac1971fd216162372
SHA1 5b2b2d3787d5ae9caca2e45e13e4c87286228357
SHA256 3d0855c7c198516924e24c038cb984a8dacfa226a8be98891fad757bb0397f96
SHA512 888266d585c10695cad6a41f77ab7053cd56959c1d3e6d3463f3fff1c1793f7508e0f45ec2851a2f988cacd29a2eee187eb5a5b2deb7c4e77d5fe88eed3041dd

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 7ee84069e45280c779334b0ac1c08092
SHA1 64eb69b9866c2abbf918a30a20ceb72d2a8cd68b
SHA256 f74c4333cffd1ad23b7e7ab38186d97714e869a7bcb84d3111f32eef9191b6bc
SHA512 27afad59575d859945f4bc5493dea219c54978e592f1f2014cfe1296a09457329bc7ba4586f52232c0fce0996eb71f67f7c60f20b0190121b3a235a482ccbc77

memory/2732-702-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 19:54

Reported

2024-10-20 19:56

Platform

win7-20240903-en

Max time kernel

120s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe"

Signatures

Renames multiple (2911) files with added filename extension

ransomware

UPX packed file

upx
(no indicator details recorded)

Drops file in Program Files directory

Description Indicator Process Target
(Process is the sample executable C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe and Target is N/A for every row below; only Description and Indicator are listed.)
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedback.gif.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\UIAutomationProvider.resources.dll.tmp
File created C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\nio.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml.tmp
File created C:\Program Files\Java\jre7\bin\msvcr100.dll.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.property.nl_ja_4.4.0.v20140623020002.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-windows_ja.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp
File created C:\Program Files\Java\jre7\bin\deploy.dll.tmp
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.tmp
File created C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sendopts_zh_CN.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler_zh_CN.jar.tmp
File created C:\Program Files\Java\jre7\bin\jawt.dll.tmp
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Rarotonga.tmp
File created C:\Program Files\Mozilla Firefox\install.log.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-options-api.xml.tmp
File created C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l1-2-0.dll.tmp
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp
File created C:\Program Files\Mozilla Firefox\update-settings.ini.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar.tmp
File created C:\Program Files\Java\jre7\bin\keytool.exe.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dhaka.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\core.jar.tmp
File created C:\Program Files\Java\jre7\lib\zi\America\Menominee.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik.tmp
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Andorra.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-compat.xml.tmp
File created C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.jobs_3.6.0.v20140424-0053.jar.tmp
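
The file-activity signatures of both behavioral runs ("Drops file in Program Files directory" and "Renames multiple files with added filename extension", 4371 files on Windows 10 and 2911 on Windows 7) come down to one pattern: a single process from %TEMP% writing .tmp files across unrelated product trees, with the original name and extension still visible under the appended .tmp. The following is an added example of that heuristic, not the sandbox's detection code. EVENTS is a constructed subset of rows copied from this report's tables plus one constructed benign control row, and the thresholds are assumptions to be tuned against a baseline.

```python
"""Mass-write heuristic over rows in the report's "Description Indicator Process Target" layout.

Added example, not sandbox code. EVENTS is a constructed subset of this report's
rows plus one constructed benign control; thresholds are assumptions.
"""
import re
from collections import Counter, defaultdict

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe")

EVENTS = [  # (description, indicator, process); rows copied from the report
    ("File created", r"C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Java\jre-1.8\lib\tzdb.dat.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Internet Explorer\ieinstal.exe.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\vk_swiftshader_icd.json.tmp", SAMPLE_EXE),
    ("File created", r"C:\Program Files\7-Zip\7-zip.dll.tmp", SAMPLE_EXE),
    ("File created", r"C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp", SAMPLE_EXE),
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", SAMPLE_EXE),
    # constructed benign control: an installer writing a single log file
    ("File created", r"C:\Windows\Temp\setup.log", r"C:\Windows\System32\msiexec.exe"),
]

TMP_SUFFIX = re.compile(r"\.tmp$", re.IGNORECASE)


def product_tree(path: str) -> str:
    r"""Collapse a path to its product directory: C:\Program Files\Java\... -> C:\Program Files\Java."""
    parts = path.split("\\")
    return "\\".join(parts[:3])


def original_extension(tmp_path: str) -> str:
    """Strip the appended .tmp and return the extension of the file it was written beside."""
    name = TMP_SUFFIX.sub("", tmp_path).rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def score_processes(events, min_files=5, min_trees=3):
    """Per-process verdict: many .tmp writes spanning several product trees, run from %TEMP%, locale lookup."""
    stats = defaultdict(lambda: {"tmp_files": 0, "trees": set(), "exts": Counter(), "lang": False})
    for desc, indicator, proc in events:
        s = stats[proc]
        if desc == "File created" and TMP_SUFFIX.search(indicator):
            s["tmp_files"] += 1
            s["trees"].add(product_tree(indicator))
            s["exts"][original_extension(indicator)] += 1
        elif desc == "Key opened" and indicator.upper().endswith(r"\CONTROL\NLS\LANGUAGE"):
            s["lang"] = True
    return {
        proc: {
            "mass_tmp_write": s["tmp_files"] >= min_files and len(s["trees"]) >= min_trees,
            "distinct_trees": len(s["trees"]),
            "original_extensions": dict(s["exts"]),
            "runs_from_temp": "\\appdata\\local\\temp\\" in proc.lower(),
            "language_lookup": s["lang"],
        }
        for proc, s in stats.items()
    }


if __name__ == "__main__":
    for proc, verdict in score_processes(EVENTS).items():
        print(proc.rsplit("\\", 1)[-1], verdict)
```

In an endpoint pipeline the same rows come from Sysmon Event ID 11 (FileCreate) keyed by ProcessGuid, with a time window added so a burst of writes is distinguished from an installer's slow trickle. Sysmon has no rename event, so the "renames with added extension" half of the signature needs file-system ETW or a minifilter; the .tmp-beside-original pattern above is the part visible from create events alone.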

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe N/A
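
The NLS\Language key opened in both behavioral runs (this one and behavioral2) holds the system locale: its Default value is the LANGID as a four-hex-digit string, for example "0409" for en-US, where the low 10 bits are the primary language and the top 6 bits the sublanguage. Ransomware families commonly read it to skip hosts in CIS locales. The following is an added example, not code from the sample or the sandbox; it decodes the LANGID, emulates that kind of locale gate against an assumed block list, and folds the sandbox's native registry path into the HKLM\...\CurrentControlSet form detection rules are usually written against. The report shows only the key open, not what the sample did with the value.

```python
r"""Decode the NLS\Language LANGID and normalise the sandbox's native registry path.

Added example, not sample or sandbox code. CIS_BLOCKLIST is an assumed list;
real families differ in which locales they skip.
"""
import re

# Primary language IDs from winnt.h
LANG_ENGLISH, LANG_RUSSIAN, LANG_UKRAINIAN, LANG_BELARUSIAN = 0x09, 0x19, 0x22, 0x23
CIS_BLOCKLIST = {LANG_RUSSIAN, LANG_UKRAINIAN, LANG_BELARUSIAN}   # assumed; varies by family


def parse_langid(value: str):
    """'0419' -> (primary=0x19, sublang=0x01); value is the key's Default string."""
    langid = int(value, 16)
    return langid & 0x3FF, langid >> 10


def would_skip_host(default_value: str, blocklist=CIS_BLOCKLIST) -> bool:
    """Emulate the locale gate: True means a blocklist-style sample would exit without encrypting."""
    primary, _sublang = parse_langid(default_value)
    return primary in blocklist


def normalize_registry_path(nt_path: str) -> str:
    r"""\REGISTRY\MACHINE\SYSTEM\ControlSet001\... -> HKLM\SYSTEM\CurrentControlSet\...

    CurrentControlSet is a symbolic link to the active ControlSetNNN; the sandbox
    logs the resolved name, so it has to be folded back before a rule written
    against the link name will match.
    """
    p = re.sub(r"^\\REGISTRY\\MACHINE\\", r"HKLM\\", nt_path, flags=re.IGNORECASE)
    p = re.sub(r"^\\REGISTRY\\USER\\", r"HKU\\", p, flags=re.IGNORECASE)
    return re.sub(r"\\ControlSet\d{3}\\", r"\\CurrentControlSet\\", p, flags=re.IGNORECASE)


if __name__ == "__main__":
    print(normalize_registry_path(r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"))
    for v in ("0409", "0419", "0422"):
        print(v, parse_langid(v), "skip" if would_skip_host(v) else "encrypt")
```

Sysmon does not record key opens or reads (its registry events cover key create and delete, value set, and rename), so this behavior shows up in a sandbox trace but rarely in endpoint telemetry; the locale check is also reachable through GetSystemDefaultLangID and related APIs without the key name ever appearing in a log.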

Processes

C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe

"C:\Users\Admin\AppData\Local\Temp\e3d302829de08e7b124d0126b4808ef503324dd7bf3457d7fb4de1d7390feadeN.exe"

Network

N/A (no network activity recorded during the 118 s capture)

Files

As in the Windows 10 run, both memory dumps are of the sample process (here PID 2100) over 0x00400000-0x0040B000. The $Recycle.Bin desktop.ini.tmp hash differs from the one in behavioral2; whether that is because the source desktop.ini differs between the two OS images or because the sample keys each run differently cannot be settled from this report.

memory/2100-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 bbdd7f7693130afa546adf6fe5852444
SHA1 1cd7f8ba3ace53e449b6117ebef7a4117453924a
SHA256 369f5a944a9e7fc8d07391ed287902304a164391bb6380838252a4b1c46165da
SHA512 fb5995eae2729dd1cab4d89e3e7a6c36ce7edefb458b4db886577712789394de53974b796fdd3a4cb0e4b7552962566ff18d5b7863f02f4e68c14bf0f3ea6574

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 82ebe778579bfe8500af076c9e1e2ca0
SHA1 74e19faa9550caab7d95a9f2cafb8cc23af1aece
SHA256 cebc36bddae47edf3186aad6d01ed0390ac21b213ac74eb48ac46acdec9fa32f
SHA512 6886ad917b1313437317241540e44cc8b76dea284a7be9af58216b0f51d6fd9d45fb1c5abba599acd342f99832b52fdc71248d63452d2950f1d8a183866672ec

memory/2100-70-0x0000000000400000-0x000000000040B000-memory.dmp