ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92

General

Target

ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
Size

129KB
MD5

358b9e825c4824e9913b7461eae21b08
SHA1

fdb58d4fd696489f53b8c765d64a36210d2e0864
SHA256

ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92
SHA512

a87fc6c1da737c3f0bce7653c2c5cefafa2e8ab41042de561ab921ad0c0ea1dc19b385eac1c1a7e65f410811a8dd58f55fdd2d977e3b61b4f29db16eb2a600d4
SSDEEP

1536:V7Zf/FAlsM1++PJHJXFAIuZAIuekc9zBfA1OjBWgOI3uicwa+shcBEN2iqxtdSCe:fnymCAIuZAIuYSMjoqtMHfhfU7JK

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (510) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2776-68-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2776-68-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derby.war.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Internet Explorer\ie9props.propdesc.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe

C:\Users\Admin\AppData\Local\Temp\ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe
"C:\Users\Admin\AppData\Local\Temp\ebd36e1bf766c1cb93499cda7f49f77ef51c60d46d856a12a19e168b393e4b92.exe"
1⤵
- Drops file in Program Files directory
PID:2776

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
129KB

MD5
ed89fa6ce0ec8a61723c6d20c477c672

SHA1
b39455b6bff8ae85055e914cee9a485c70b16a15

SHA256
ec56e692f8a817b65b3440a93aba7308d72569a2b6cf1553d46ea88ed2fb3699

SHA512
22e0f7101f6be7bdb4ba6c97571ba02840e7e89fdc050c0f0ca287cc50d96c2eff87ba0cd182b808555429b2003233bcaaa04f63c7b7e848e0a0ac9bdec3fe5b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
138KB

MD5
516c5cdb77fdc2d727076f72420c14aa

SHA1
2a27ee0b04c8ff2b08ad53538a539ff207e26a67

SHA256
9dd059231a7f63053ac0777e16ad9a837a18e0648d94d9a76f5b8d70ff217f85

SHA512
34b18b5ce57b9814c16c0316ed74355e056b31069578a7171174c79b4277ae88916cd1fe6f2a379f339162351fd8dabc24a9e4237839193fd6abb0c10a84a3d5

Download Submit
memory/2776-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2776-68-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads