14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4

General

Target

14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
Size

99KB
MD5

02c5e6bc836eec78fcf882db56e393c1
SHA1

9e7c6d04386dafd07bce50bb075b451dd0dc4af3
SHA256

14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4
SHA512

61fdf94150028564953a20fb47bfaa2d275b6f628c515debd8f60976a054ff962ab89c4db795f39c7fa2327d559a1d1545a9646d6b0fcacacd817c98f74d7117
SSDEEP

1536:Isz1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCow8hfx:hfAIuZAIuYSMjoqtMHfhfx

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (604) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2216-0-0x0000000000400000-0x000000000040A000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2216-26-0x0000000000400000-0x000000000040A000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2216-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2216-26-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\splashscreen.dll.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\fieldswitch.ax.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
File created	C:\Program Files\DVD Maker\it-IT\WMM2CLIP.dll.mui.tmp	14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe

C:\Users\Admin\AppData\Local\Temp\14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe
"C:\Users\Admin\AppData\Local\Temp\14978943d59801a0d1c88b1809d56b0f8864db7359d7d609e1666eca401d38b4.exe"
1⤵
- Drops file in Program Files directory
PID:2216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
99KB

MD5
e254e3d4cda29139d57eeeb678e1f1ea

SHA1
1c85b15fe0aea7097abddc1747f9951f4e1a90d6

SHA256
99275b9e03d551779fd2ec23a26a627a6a4aec56c1c178ef0a09ed48157dbf9f

SHA512
b994841077607fed4b361a096ad76be3c6ea8a15223c7753f95b37d44fd7eaf68d8f7c32acd54f3efc94ec0dc99a2585cb7260b917f83835114e343865aa9e57

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
108KB

MD5
f7a99c5bf8a7a1a8f8a4e0e6533d4a34

SHA1
e6ff38d31723ae73e42bb15736cd31777ec70fa0

SHA256
abccf190d22b537c0c31068bab8bfa72a2c8202b30ea50851f2f07cd539edd56

SHA512
36007b2cb3f6b639d647f5697081e33062670dcd9a78b50bf3aa340b4476957194a47f94ca3fde85e537421f138cc471d7f5c560a851519e53d3ba2d09857ecb

Download Submit
memory/2216-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2216-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads