74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551

General

Target

74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
Size

163KB
MD5

17bf9acc149e57816b1f9e2ea01db975
SHA1

3c8fbbe114e82e7f4899f416ba489fd6aef4e5df
SHA256

74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551
SHA512

cd8e225364144219b1eeab8c0d9bf479fdec8e046fd4a36493b592ba34ba6a4f9a4b5664cfcc85a3e9018e2e222ad63e6dd8eede5bd954e58cad1899a0ebfe82
SSDEEP

3072:+nyiQSo+xFiQSnJOIYTXof60qoYKQJdRXOiaXt5iVgmz:JiQSo2Vtof6zRjdpOL95y

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3454) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2084-582-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2084-582-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\speaker-32.png.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_ja_4.4.0.v20140623020002.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Microsoft Games\Mahjong\MahjongMCE.lnk.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgRes.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Oslo.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util-lookup_zh_CN.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-views_zh_CN.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins.nl_zh_4.4.0.v20140623020002.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libreal_plugin.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata.zh_CN_5.5.0.165303.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\new-trigger-wiz.gif.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Samarkand.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Mozilla Firefox\defaults\pref\channel-prefs.js.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Pangnirtung.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libaribcam_plugin.dll.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-fallback.xml.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Adak.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.application.zh_CN_5.5.0.165303.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Hovd.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_ja_4.4.0.v20140623020002.jar.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Microsoft Games\Solitaire\it-IT\Solitaire.exe.mui.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\VideoLAN\VLC\locale\et\LC_MESSAGES\vlc.mo.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\security\javafx.policy.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Oral.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe

C:\Users\Admin\AppData\Local\Temp\74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe
"C:\Users\Admin\AppData\Local\Temp\74cb0d4e1d03a4b67f75e0a3bfa1170b18d425d5e30570d348dcbd38f1ca8551.exe"
1⤵
- Drops file in Program Files directory
PID:2084

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2737914667-933161113-3798636211-1000\desktop.ini.tmp
Filesize
164KB

MD5
7628e0a54786244760df108e72114398

SHA1
b15f6374869321d6028e6f9f75c421ce48958231

SHA256
908a28f851fe46b3b6609e02080d079ca9ef656194a62d415c5efc5b499687f1

SHA512
1ec1ea36638ade17aa511e6e1a9517f5e5b48f41ca6aada42234b0a19b3046ef42ae74e99959a0846afea55d246f9aead31c62dfb5d79413fa2c77428ec413c0

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
173KB

MD5
6dbb172863a1b5bd15c194b86d485cbf

SHA1
5e8b4cfbaa975bc450eac34581a7e7491c4778d4

SHA256
596b8d6103f8a1053f6312a5d90703e95e09ba0ebe8cc49f8c023b73360bc070

SHA512
61f024cc3514aafcc017c98078a81164576ef96b03ac5a66f68a0c92113afabbe17da40ff2686cd4794e1ee46655c1cd5266ef6670c5ddd2fd1a719f88961277

Download Submit
memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2084-582-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads