c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2

General

Target

c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
Size

48KB
MD5

1f821d445b6f9271a6bac33b4992b19a
SHA1

e81852b73d532a103dcfb9e6610e19e141ad8574
SHA256

c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2
SHA512

3f5fa0f39ab3fd33bbd5d4c4f5b32d1dace6f175a21e7e11834d136b7fde91d87499b235033789b62c5dfd42dfcd3e8a879c3e8507d6f1a2edec2a5c861599bb
SSDEEP

768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcuX9km9k/fxRfxyko:CTW8OmO/fxRfxykK3ZUkK3ZKYw

Score

9^/10

discovery ransomware upx

Malware Config

Signatures

Renames multiple (1750) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2508-0-0x0000000000400000-0x000000000040A000-memory.dmp	upx
C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp	upx
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp	upx
behavioral1/memory/2508-36-0x0000000000400000-0x000000000040A000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.mbeanbrowser.zh_CN_5.5.0.165303.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.di_1.0.0.v20140328-2112.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UTC.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boise.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-options-keymap.xml.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\LINEAR_RGB.pf.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novosibirsk.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lindeman.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.directorywatcher.nl_ja_4.4.0.v20140623020002.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guam.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.ja_5.5.0.165303.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_ja_4.4.0.v20140623020002.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Almaty.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Makassar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Boa_Vista.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh.htm.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.attributeTransformation.exsd.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\macHandle.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Bissau.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs.xml.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-masterfs.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe

C:\Users\Admin\AppData\Local\Temp\c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
"C:\Users\Admin\AppData\Local\Temp\c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

Filesize
49KB

MD5
04d317c9c48cdc135b16202f813d86fd

SHA1
c77559884866fee5e749626f99c6f8b119214787

SHA256
152166761775e17435cd1db5a13a66711061b7588b272e551fcf6fff5aab3f79

SHA512
5dbfc94def6b7a63302a90fcd492425842e257e42e9f0da5297ba13bc0814c5b273db00d628ef862d95c159a644e5ff8dcdb3a53ecbb8d8688dd9b81f959fe67

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
c7774c202eb1321415db4b6959c384a4

SHA1
56444a0b608d8a4130461c171db2c005f1e7b724

SHA256
53d1eae60778aafdd004125ce96377bfc863c2b097d00aa776fcbe17b0e1f2e4

SHA512
e365542890e83794dc87d95f2fcd7a24aa138ff033bc17899f7e5f37a9c682ca1b18a11574496a6edde2d8a9f1bf7fadcf2692162a2e61c1398c0d581a4c1a02

Download Submit
memory/2508-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2508-36-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads