ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863

General

Target

ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
Size

121KB
MD5

24f73f6d539f7aa0708d3ed780d533f1
SHA1

2157d892f5b1545fb94a5573369fc4389b148cd5
SHA256

ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863
SHA512

4a105b25ccb905e68f853fba9b03ff2f1c006464637ebd65d7112d886c7b334b847b7a4ff0dff20793dc3e3e71d043eddbe47ecabb8eced627d5cf7e56a18545
SSDEEP

1536:67Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCS:+nymCAIuZAIuYSMjoqtMHfhf3

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (554) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2244-74-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2244-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\Xusage.txt.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\unpack200.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2ssv.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JavaAccessBridge-64.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Internet Explorer\Timeline_is.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lv.pak.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe

C:\Users\Admin\AppData\Local\Temp\ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe
"C:\Users\Admin\AppData\Local\Temp\ce69a0bcdf5bbdf2a8384c2febddd5db5c93ced14428a783a2fbf775caf0a863.exe"
1⤵
- Drops file in Program Files directory
PID:2244

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
122KB

MD5
2582cad46af9e38613bdf0f04aa5e252

SHA1
c4dcc172bae18cbab3670e9fb6f9ff64da6334c5

SHA256
61cb5e685bbc7679c407fb4ebb0fb8f3eca3c932e6e5b80f2053bda12a351fe8

SHA512
9fbcf63699b2b64db746875cc025b8da17471ca85ea236f7253b27bf37de28241150f7f5e91f4ca21a2c36f8b41ada37340797996ea1fab5f009adf0e44ac096

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
130KB

MD5
5898b108edd522b7a5efbadf6ce9e591

SHA1
e9989d8805f9bbc82c4876af13cbf184649c0694

SHA256
6e67e775d4390297874fffc2d7f04b853cd3f9d7f0765de205681d83679064b1

SHA512
8f0d0ca069a7cba3dbc4f1f3c471f3017f3ba307e050434c132f605aa7eaf9de7ebc6850cc42ec92f77b7c9659525b4288bc7a93c60be40001bb7abe8c8543d4

Download Submit
memory/2244-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2244-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads