dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b

General

Target

dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
Size

74KB
MD5

2ac46e6596a14251d9a8d568b69212d8
SHA1

65cb206849d647e3c4a7736d2bba825fd66961e1
SHA256

dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b
SHA512

46bcafdc89dfc06756773719f185d74e0216992a3d4e872dd5c40501c73439430e7b362242950926ab1278b895da1bececb16a4261f524d56b3d13f75c883173
SSDEEP

1536:67Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8yiT:+nyiQSoC

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (3700) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2972-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2972-660-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2972-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2972-660-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe

description	ioc	process
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\it-IT\js\init.js.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\dnsns.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-annotations-common_ja.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiBold.ttf.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\RedoNew.clr.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_record_plugin.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Currie.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.jpg.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Accra.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Conversion.v3.5.resources.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Journal\Templates\Graph.jtp.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\avtransport.xml.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\21.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\ChkrRes.dll.mui.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bg-dock.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_snow.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Dawson.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\lg\LC_MESSAGES\vlc.mo.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\10.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\VideoLAN\VLC\locale\es_MX\LC_MESSAGES\vlc.mo.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.diagnostic.ja_5.5.0.165303.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_zh_CN.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-api_zh_CN.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Microsoft Games\Chess\it-IT\Chess.exe.mui.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsFormsIntegration.resources.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Microsoft Games\Solitaire\de-DE\Solitaire.exe.mui.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dial_lrg_sml.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_ja.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\timer_up.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Bahia_Banderas.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\artifacts.xml.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.registry_1.1.300.v20130402-1529.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-modules-appui_zh_CN.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_partly-cloudy.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.rcp_4.3.100.v20141007-2301.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-modules-queries.xml.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs-nio2_ja.jar.tmp	dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe

C:\Users\Admin\AppData\Local\Temp\dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe
"C:\Users\Admin\AppData\Local\Temp\dd99b3b7d5407919be8719efdde7243a77e9db3a8c99bbf0d96a8b61c0c8f18b.exe"
1⤵
- Drops file in Program Files directory
PID:2972

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
75KB

MD5
ed7cf32469de918ca489ab6a0646b12a

SHA1
0e249c5f92964b824a13c1a96177f2cfaef16cac

SHA256
9501c53712b7e248b6521592fdc08091a09c1c6a8402f7720130d6725c7f44e1

SHA512
aad80d461c0ba4d2e6fbb3d66d344666dad65e26d8a9d0eb713d223fca87be1498904fc28b1d56972af92efa759177697a0ac3cf6f5bce6911a78321a49698d6

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
84KB

MD5
7b2b86daa50f7aa837fd21cc80ee0139

SHA1
025ec566debd8684cdc5dc830a975257d5e37d25

SHA256
ac3ba68221d3e41279e58e019dce0b6ae0aaaab9b1d6b7d076d754c5ee558ca8

SHA512
47d666fb7f5de2fabe40b7a055edcdaf08eec854e2845c9a5ee3b3d825c72f17182d0266261c9a84e8261489a87e1408b4199b2f97b678325194d3eec29f83e5

Download Submit
memory/2972-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2972-660-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads