1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5

General

Target

1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
Size

70KB
MD5

5acd933a85196f99826b53cd78574468
SHA1

fd01fd8940dfcc3847cc441ef7089adc3a16cd33
SHA256

1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5
SHA512

147779d10b6d8b76a774615ac73d08e0839bd5b0efec4bd6b2a4b7dbacd9d9f9a760b82c6df3ac356e9a4688289c747d68cd8828896f8baf1b0054f36a7aa165
SSDEEP

768:67Blpf/FAK65euBT37CPKK0SjHm0CAbLg++PJHJzIWD+dVdCYgck5sIZFmzWzXUP:67Zf/FAxTWY1++PJHJXA/OsIZpPEIUT

Score

9^/10

ransomware upx

Malware Config

Signatures

Renames multiple (928) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX dump on OEP (original entry point) 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp	UPX
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	UPX
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	UPX
behavioral1/memory/2228-74-0x0000000000400000-0x000000000040B000-memory.dmp	UPX

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2228-74-0x0000000000400000-0x000000000040B000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tijuana.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-14.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiItalic.ttf.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\South_Georgia.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Menominee.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\BlockRegister.sys.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\WMM2CLIP.dll.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Whitehorse.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Azores.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kathmandu.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\DumontDUrville.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Dawson_Creek.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf.tmp	1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe

C:\Users\Admin\AppData\Local\Temp\1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe
"C:\Users\Admin\AppData\Local\Temp\1b3d7946207b04ca8f8c76de1192b0d2de3d2fa9f191461759e8464ee60f70d5.exe"
1⤵
- Drops file in Program Files directory
PID:2228

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
70KB

MD5
cf11e8c57e05edd743eb2f712948103c

SHA1
70be342781a657ab805ce06e94d85bc5c2f7eb69

SHA256
016e6b72712909918372f7e741ef50e1b10fc1d79698b032e47235ac2abb84ee

SHA512
347677264e67e38f9c88c20a1e3049fc418eb806c99a7bb4f64d167f96170c774678bc9e40a4fc3a9b0c4b6e7dda75cef1601f7664ea9f75ba32586573e0727a

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
79KB

MD5
4c56d0623524dd3a0006b8eea0a289e0

SHA1
2ee5847c134cc3bca42134ad0f4eaec9954cf2d8

SHA256
8bd5b58b4da817b9259be4e85258d7c04b6c12ca4e50492e4db7419d81c7b9f7

SHA512
ebd020f441df45a65d86e7a2c4ad8543c90288a9e39742e06a6d7981a6f29fee43133a466e87a0ef613b5fa149759968f5fefb999ad8bf9dbf9cb6905c5f7d1c

Download Submit
memory/2228-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2228-74-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads