96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff

General

Target

96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
Size

72KB
MD5

8787ed5c1130b46aa3fa85d6019ea103
SHA1

004a83580018b8fa7ffd124b793b46f327e4b283
SHA256

96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff
SHA512

ebdff8805a3889c1ce0ce4dc5b85c7e14471cd1cf92b1807fbeaeef46c4dcf24ffdb58bc275146ad8ffcaee956379ff61a30b057fe895112c9ad50e83db34229
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/QbUkNdNe:+nyiQSobUkzc

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3652) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1964-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/1964-656-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1964-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1964-656-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-3.png.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Magadan.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libntservice_plugin.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Windows Sidebar\es-ES\sbdrop.dll.mui.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.0\Workflow.Targets.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libchorus_flanger_plugin.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Majuro.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ia\LC_MESSAGES\vlc.mo.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jre7\lib\javafx.properties.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\es-ES\css\weather.css.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ms\LC_MESSAGES\vlc.mo.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\BIB.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_zh_4.4.0.v20140623020002.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-sampler.xml.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jre7\lib\calendars.properties.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.AddIn.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-text.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\WindowsFormsIntegration.resources.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jawt.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-awt.xml.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jre7\bin\jpeg.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\eula.dll.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert.ja_5.5.0.165303.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.registry_3.5.400.v20140428-1507.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\js\settings.js.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.dom.smil_1.0.0.v200806040011.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp	96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe

C:\Users\Admin\AppData\Local\Temp\96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe
"C:\Users\Admin\AppData\Local\Temp\96a828040f54253d549fe5ec616d71ac2568d7c15133104afdb80adc460099ff.exe"
1⤵
- Drops file in Program Files directory
PID:1964

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini.tmp
Filesize
72KB

MD5
ebebf6e27264010e39cc6dcb4bda83ec

SHA1
e32cfafb991ce8631d12b898ecdcf70ffaf09526

SHA256
791b63e574d753eb10b0b50356a5dd299dea239687c8ffd122a7adb7cdd822ac

SHA512
87d369ac8f4d8d5e569b1070613b4bcdbb90962a01dbb0522a64bc0a5d7ebac3dbe628000c5953cecd6bf252603f107896b48fcc9426a969ad59494107b57556

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
81KB

MD5
29f901269be7569ddab154a4034f5679

SHA1
99f5d6a49d8490157a38dfca0c28dd7ad3dbfbfa

SHA256
208412b49a82609d2ddf5c601afc61c1519f882c53b72e5b46de84c48cea74cf

SHA512
4f95a2092367087595e46eac238be49e2c6570901ec6f6111bf5b4a9b39a013f95733deca511662f7c4eeeb4f1b6117dc93cda013b8eecafb4ec9ffa7488b25e

Download Submit
memory/1964-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1964-656-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads