60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab

General

Target

60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
Size

160KB
MD5

972826c0d25c16a9070043766d36d15e
SHA1

9c5b907682d21d2606594a3f93227c528d3d7c82
SHA256

60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab
SHA512

d1ccffce68fe8764b3dbec18a9f786cb3338ba6dd5947feaca33beb64b41ef94c2ea42260d97eeb361b166387d8c9d7fc3fc372ddc556c47ba498354784b247d
SSDEEP

3072:KQSo1EZGtKgZGtK/PgtU1wAIuZAIuXwFwtd4:KQSo1EZGtKgZGtK/CAIuZAIuI

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (480) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2456-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2456-26-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2456-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2456-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe

description	ioc	process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Internet Explorer\IEShims.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe

C:\Users\Admin\AppData\Local\Temp\60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe
"C:\Users\Admin\AppData\Local\Temp\60c4a2716597a4e30a60024d78bfb48b842381d709d905a5ff269cbeed3733ab.exe"
1⤵
- Drops file in Program Files directory
PID:2456

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
160KB

MD5
90df973e8297b6c62b658dda17ac5bb5

SHA1
a814fbbba0ff8ba5f3c70d2d662f42c8deab747f

SHA256
bb96b59dd45fdda8e75ef2c19fe0143fb4c9164c45fad4ab8c56011964f18ed2

SHA512
d75d8427178062c54262efaa515532e30bc77eb706c58a9c88f165c942f0112521cc05cbfe7872f30dfaeb500097c6df7601ab8bcedf0c2ecb81993fafb46ef3

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
169KB

MD5
5420f1bd6c41cd11bc33bbb56937f31a

SHA1
a5735d3db5bafbc4d04ae7317469554f1c3ccd70

SHA256
750bf0a7c6aa6e54b6fb94f874454d898665b770c07fe06c7e4062632b59e407

SHA512
4ed39f68791c12a5402ed94c11f951b2a93aadbe71d67b7f98fcd08d4d56667afd6646751583945abb4fac041f93a4cd250ae29a8a3a8279915babf765d236cb

Download Submit
memory/2456-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2456-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads