b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37

General

Target

b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
Size

140KB
MD5

0e581cb9ecad0ed77c2e0dbe1e6edc38
SHA1

77df408a9a1fd79c594727f945beb9976ed54f24
SHA256

b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37
SHA512

9928f0cf81daae1ba30fb79a2f098a88e1037f3f6c3944b7bc395def4883619c639b480b6591e8091fa4e11623aa48ed99e067c24de6b013fb2c5a989c84af99
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCD:+nymCAIuZAIuYSMjoqtMHfhfmUlk75X

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (2941) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1888-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/1888-263-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/1888-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/1888-263-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe

description	ioc	process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.Classic.dll.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Edmonton.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-api-caching.xml.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Berlin.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Paramaribo.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_zh_4.4.0.v20140623020002.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\UnlockDismount.mpeg.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.RunTime.Serialization.Resources.dll.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Funafuti.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security.win32.x86_64_1.0.100.v20130327-1442.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-output2.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-coredump.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Mozilla Firefox\defaultagent_localized.ini.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.model.workbench_1.1.0.v20140512-1820.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Currie.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Microsoft Office\Office14\VisioCustom.propdesc.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-print_ja.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port-au-Prince.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dubai.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-actions.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\SplitSwitch.htm.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Tallinn.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.tmp	b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe

C:\Users\Admin\AppData\Local\Temp\b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe
"C:\Users\Admin\AppData\Local\Temp\b9b772b1d0b327a5c7f6c4753b634e28a3d257af49d33c0487f40f7d0fc68c37.exe"
1⤵
- Drops file in Program Files directory
PID:1888

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2248906074-2862704502-246302768-1000\desktop.ini.tmp
Filesize
140KB

MD5
0f232372c490dffb7504428a7fdd21a2

SHA1
7d0726e9da38b51db53e628eaebee87a0c502f2c

SHA256
edec1225e2e2b4afcff88b9a807c39f56748600abd1a3d0791096a2ddac81ad8

SHA512
f9ff37e640506ad260a0ad0f17301a4ff425249d56fdf5fb7fcdb8ca010d42be2b1ebfdf74685e28ab2796acfdfa798438a4b4701e4ee4807eb61e25b11271d1

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
149KB

MD5
43e2cf847d1f889a2dc43cbe867d5e65

SHA1
54bf5cb5492dbeba9cbd14eebefd6d623c53bf11

SHA256
7070ac9423ac777aa0b9a8085d7eb95c0f201e199f7651beccb83c6fcf96b0d3

SHA512
a384bc47dd4dbf085a3cd080fc614ca01acdfe3950cd58e7c3df8df97ac04160a51ba46d2284cedac20c8ce7ae0a3c8339c660af6191f95a44ddb9c5da20d4ae

Download Submit
memory/1888-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1888-263-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads