d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97

Analysis

max time kernel
7s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
Size

57KB
MD5

dbda915517e2d79164ac74e7512b377b
SHA1

fe03676345fba2d71bbfc66aad52853cecfa79ec
SHA256

d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97
SHA512

41426e2c2874d9263b340e476720029b2b0f03234865e7ec62420fe0968358c81107ce0d4d3c573eec93bb37b959fe2c7119c4bb57b85651f7e5e491433c919e
SSDEEP

768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFUw:CTWn1++PJHJXA/OsIZfzc3/Q8U0Z

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp	UPX
C:\Program Files\7-Zip\7-zip.dll.tmp	UPX
behavioral2/memory/700-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
behavioral2/memory/700-930-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp	upx
C:\Program Files\7-Zip\7-zip.dll.tmp	upx
behavioral2/memory/700-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral2/memory/700-930-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe

description	ioc	process
File created	C:\Program Files\7-Zip\7z.exe.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\CheckpointExit.ppt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe

C:\Users\Admin\AppData\Local\Temp\d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe
"C:\Users\Admin\AppData\Local\Temp\d8a69d662ddc839b557e3a14c1bd473d5b0235f50f5cf767f54f2d540cff6b97.exe"
1⤵
- Drops file in Program Files directory
PID:700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp
Filesize
57KB

MD5
d469d27fbdcede95ee942f765c2ce924

SHA1
66b5cadb3e05fbf7e3831ac1a95ede70637c4804

SHA256
c2eef0c8a4958de9e57325c83c5cc61164e15b0a0409c0a580576e52a84ec55e

SHA512
4bb4837ee62478a62e9b73018b49e7079a10500d7c30492487a977095d3aa85136d1fb9a3ff5f3ed46185047994c6c2fa1777dc9d8d65a70b1cc417d78334784

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
156KB

MD5
4ad6993afa9a25192f6176b563243146

SHA1
8c5a1e02476e68ea29b325a14d9d6573f97c22f1

SHA256
bc8ac9a693ea69e56208014cf0d76323343c4a13aaf3fe294f20337ed16dbdd1

SHA512
fee02b6d12af2b82a0bf9f372ea1ff9293fb082fe88f4e29215813ff8b34fae650276f990f809c39695406a13190be75fd91a8fac569b6323694a116b22f2c54

Download Submit
memory/700-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/700-930-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download