329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2

General

Target

329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
Size

120KB
MD5

7c5fa50d1d4244879335af7927f5b53d
SHA1

5e60767a985b3f86932c1acbe0172d7ca198b7ac
SHA256

329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2
SHA512

7ba2d2421661d6eca3aaa977731c24c1f821c90083e13e974f6a1b3b04eaa9a749f320a670bd7d359872c0dfa3aa0537366c43fa3e9bb7967ef809b270004dcb
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCR:+nymCAIuZAIuYSMjoqtMHfhfU

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3438) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2220-608-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2220-608-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\bin\javafx-iio.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Amsterdam.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_basestyle.css.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\Azores.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-13.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.core_5.5.0.165303\feature.properties.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.nl_ja_4.4.0.v20140623020002.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-snaptracer.xml.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libnoseek_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-dialogs.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+7.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Mozilla Firefox\browser\crashreporter-override.ini.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme_0.9.300.v20140424-2042.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHEVI.DLL.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Samarkand.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libwinhibit_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\locale\bn\LC_MESSAGES\vlc.mo.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\youtube.luac.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\bin\awt.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_TW.properties.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libx265_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_output\libdrawable_plugin.dll.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Recife.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-templates.xml.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\epl-v10.html.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-ui.xml.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench_1.2.1.v20140901-1244.jar.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe.tmp	329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe

C:\Users\Admin\AppData\Local\Temp\329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe
"C:\Users\Admin\AppData\Local\Temp\329c7346f801e23cc8afca146c1a6fac19df48fbccb9f40856a4b97efe50f3d2.exe"
1⤵
- Drops file in Program Files directory
PID:2220

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
120KB

MD5
a339f1c5a6effc16bff987cbe4488b8f

SHA1
f16e9181e1b168a6c51fad033e7db22a45da2880

SHA256
697ceafd8bdb2078ade4d2252c50fccc629a26e44f13c6ab323cc78ebfe7cec7

SHA512
e9ab3cfc0fb92156d6933ad216d86911b91aa1a82022cc1e295da8d213cf42e157d3cf8068eb47d9ea3ee79603e57255c3e9b7c6ec5dbdca5fe7bd2976d79423

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
129KB

MD5
0ca151e2aafe6353c74720616fe0a674

SHA1
da48307b17e756f7eec3a5208c5b92be11cae0af

SHA256
b55452a9270089b8ce68d55f76d1081a4afee68079a204310abfb35b0ea273aa

SHA512
cbb2df0eabb5ca0a87c509c82253fb3c2e603e7cbaa79cdc824651fe8674974e22d8ccc3aa44f8d39a99011a5bcc390b34b8b5878d7dd90b8a4c1ddb87c9602b

Download Submit
memory/2220-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2220-608-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads