e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43

Analysis

max time kernel
10s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
Size

82KB
MD5

cc293a239c3fc93446e85b79b977cdc9
SHA1

687f79c0c36c4042c245620db42cd0681df2b4dd
SHA256

e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43
SHA512

c7150439b2fef3a1a219ba445081a1368fe222f8525d60fb2eb715f9235ba874289c895f1f982a0c5b3c29dbf11f10af40a7d952a294dabac41c8848a9cef854
SSDEEP

1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxSLkby:fnyiQSo5Lf

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (215) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1604-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\Program Files\7-Zip\7-zip.chm.tmp	UPX
C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp	UPX
behavioral2/memory/1604-1468-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/1604-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\Program Files\7-Zip\7-zip.chm.tmp	upx
C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp	upx
behavioral2/memory/1604-1468-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe

C:\Users\Admin\AppData\Local\Temp\e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe
"C:\Users\Admin\AppData\Local\Temp\e34513dc9193f4551b8174ed9949b88a2a188524d6c2630adb059d2ef6762c43.exe"
1⤵
- Drops file in Program Files directory
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3728,i,14221647728265121051,6840906015709541562,262144 --variations-seed-version --mojo-platform-channel-handle=4100 /prefetch:8
1⤵
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
83KB

MD5
816eb2cfca6f0cccef096ccf8181fcdd

SHA1
2d5d85d048b248b912769d10bd05b0c24ce30eec

SHA256
8a5302e4d0f7a65f7b5078feb716beaf4b44686639d519dfe4e6cad7e276a720

SHA512
6684503f8e57b43cf02530aa3d145237e7b47f80b1bbbc643dba874351d9b4cc8bc912c7b2e98f8d39904a8b0f1dfd212ac23bfb33d37891cde76fb6026a5efa

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
195KB

MD5
6a52418311a559dc4f394ba983e9eab5

SHA1
df1ad6c46687c3b6f2238bf2ba409e4da114a8f4

SHA256
e232eafbf5853b6006e8a06d5c5d35779f97d745e87ec9a708e70d9ce6f06bd7

SHA512
6210f2f08d635dde78916fecbf48ff8d40481c35d0699f39bdd0457ed4115236cabac0b3a840e37db5963c4227e648eb55bf420fa09e30a7351d823b2997dcc3

Download Submit
memory/1604-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1604-1468-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download