db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac

Analysis

max time kernel
23s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
Size

97KB
MD5

247e8ad06cdaf479c538c1077c378e00
SHA1

e8675195b36f71352d0e11be968e6ff60124e095
SHA256

db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac
SHA512

2d97ad099f5d8d1214fbea61b19bf11f0738e49319553eda876461de7e6cd6055f35dea65340f7bf7650a99bdfb6822eb71174b2ebcd68ab473b905a91cf7e8c
SSDEEP

1536:a7ZyqaFAlsr1++PJHJXFAIuZAIus0J0/AnAr:enaym3AIuZAIus0J0oAr

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (210) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2964-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp	upx
C:\libsmartscreen.dll.tmp	upx
behavioral2/memory/2964-430-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe

C:\Users\Admin\AppData\Local\Temp\db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe
"C:\Users\Admin\AppData\Local\Temp\db19e69bc306f92002a407ad3e266c12c2c2b24ac8cf2e3629b13bf8b304b2ac.exe"
1⤵
- Drops file in Program Files directory
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1348 --field-trial-handle=2280,i,716736634476467098,11449718822158202904,262144 --variations-seed-version /prefetch:8
1⤵
PID:4424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
97KB

MD5
9b07864b748917ecb53e0ff86dca0e65

SHA1
69fc1e612bbdf51a582e65154df5bc8a0f85b4e1

SHA256
a5ad904a5be82e1e079ad18d59252c9a9c8c136bc2e036760cb8402bbd038c39

SHA512
439e4b24af5844904d24a4af52047052ec64fe3606f426a578ae2e1a072065bfd37fa3ad27e04558b3c12c5ec2cc9f61e1ef9bd3fd7df92b6ef16616f3164543

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
97KB

MD5
7ca7045edeea491fceb650e295338360

SHA1
49028f96a89ec70febc24392dac83be7eedd0b6a

SHA256
dc440519c41a720867895e0da4aeec12ee11e671d454bff52cd0cb08d53b9276

SHA512
f7b5d5b1d80b2bda0f302f68f98e0ca3b97d2db683ef3e48e551b52a7a3290073a36546a0a1ad54ed0f131eb3d6d61b712fc808570bc153dbb97c304b3b0c717

Download Submit
memory/2964-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2964-430-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download