f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
Size

59KB
MD5

749a0ccf968cedd9704e26c15004bfd6
SHA1

6236ab477c0a00d5f140bff16bed86136ceb1258
SHA256

f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378
SHA512

9bf150a023bb97d6c9b59985ecda6658a108abe6b620e8ce453933ac1a707a6e66bbd8072290aa3831772d290b37638f1b92e4c192bc0ac7129262735af23977
SSDEEP

1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZZ7n97nV:KQSo7ZFZV

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (1591) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2252-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp	UPX
C:\libsmartscreen.dll.tmp	UPX
behavioral2/memory/2252-332-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/2252-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp	upx
C:\libsmartscreen.dll.tmp	upx
behavioral2/memory/2252-332-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe

description	ioc	process
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Xaml.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Permissions.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\Microsoft.VisualBasic.Forms.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Design.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Primitives.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXmlLinq.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationTypes.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationUI.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.Xml.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ja\WindowsBase.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationCore.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsBase.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlDocument.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Controls.Ribbon.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-1-0.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Thread.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Windows.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.VisualBasic.Core.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\System.Windows.Controls.Ribbon.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\ReachFramework.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Dynamic.Runtime.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\ReachFramework.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\System.Windows.Input.Manipulations.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\bin\servertool.exe.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationUI.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.DataAnnotations.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.EventBasedAsync.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\System.Windows.Forms.Design.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationFramework.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\PresentationUI.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\PresentationCore.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\bin\vcruntime140_1.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Drawing.Primitives.dll.tmp	f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe

C:\Users\Admin\AppData\Local\Temp\f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe
"C:\Users\Admin\AppData\Local\Temp\f66ac961527c2cc61826f194135fcb9b85622178fe0024ba5b05fac2bf34a378.exe"
1⤵
- Drops file in Program Files directory
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4160 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
59KB

MD5
674dbeb17353b5abba9b0a631e0190ef

SHA1
c546af98f3067ace8b74638f834579d7c16997d0

SHA256
5eaf5cb7c0910b4d5f7fa198926160949be2d443f6e59088c5b483e763c23665

SHA512
e2579c1f9d9e74535e07fdc5d6b559a435daeda902eadf9eea4abc54cf72cae455b087e8945d6a4a05a93463484e6e6e4362968ca4127da7b3dbfbdc9cfb358b

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
59KB

MD5
2c4a9a510198e2058731e20109f8bdae

SHA1
48a759611a6643f2e1451ab3e6150af77b3786a1

SHA256
ae05dcb8b1290996b8097eccdbb95945e118468eed67fbd5de384129d026ab3d

SHA512
8e468e76a1ee4b81085b18b60f2955568cbb7163772389a936630d68e42e38d477f4060363674fb4da59551aa66526d35dd289133bb6f5be354a137f5c1c02c3

Download Submit
memory/2252-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2252-332-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download