2150bb1605d24d876b24671ff6a4102a18940f8afee7f5883d1e107bc7f6195e

General

Target

0f06440a3d0e6dc5227f25da8e8145cf.exe
Size

252KB
MD5

0f06440a3d0e6dc5227f25da8e8145cf
SHA1

56e7a7eb1e1b03e6d00a13f53f0a2bb41f3ffc71
SHA256

2150bb1605d24d876b24671ff6a4102a18940f8afee7f5883d1e107bc7f6195e
SHA512

5361989e0733a6ac5e08600733d6697f22efe9f96974d2fccdab8f0f9fe0bbaf4350ee3bc9604c66f455635d9d38d27b2c9b5912b81f43d42492b3c0a13e3b82
SSDEEP

3072:+nymCAIuZAIuYSMjoqtMHfhflixiDfAIuZAIuYSMjoqtMHfhflixiZ:JmCAIuZAIuDMVtM/tfAIuZAIuDMVtM/j

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (367) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/856-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/856-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

0f06440a3d0e6dc5227f25da8e8145cf.exe

description	ioc	process
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Internet Explorer\ieproxy.dll.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	0f06440a3d0e6dc5227f25da8e8145cf.exe

C:\Users\Admin\AppData\Local\Temp\0f06440a3d0e6dc5227f25da8e8145cf.exe
"C:\Users\Admin\AppData\Local\Temp\0f06440a3d0e6dc5227f25da8e8145cf.exe"
1⤵
- Drops file in Program Files directory
PID:856

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
252KB

MD5
383884c8c167ed6e8666074d3587dfeb

SHA1
36e9483f2bd495b5ae6fa403d6f01e4d6a9a0145

SHA256
65a3814589ffc9476a70a9395d49f55dff2c86e6c0bd300d45a36200bcfb9a22

SHA512
1a034bce1686279ed503557141be8788c8b3a4d754a73147e6416cf0e4f858fe731e3b92a8c4718441f78ca6bb424977a4d4ad87c601563787df4690a3b2fccf

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
261KB

MD5
987b0ff57672d8233d55fed01bc2f0f9

SHA1
f9a85f9971b1e1bc8477d497bbfc9e48cb849228

SHA256
1f0eb48b47c7e4f1ff1e3435e66be70bc16c1359031543ec2fb70fe76daa5575

SHA512
54246cfcf05ddd916694ae9b8f1ac810b123df831d5bfbd03e27ffb3b5f6779c8c171413e2510bd9bedf8cc06f8d2d961971066dfadf95b5c4b5521a884eb3f3

Download Submit
memory/856-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/856-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing