2ceee86a0929373bf13009a06e0ed6ac359cac96f97a67de27e78b595a893d89

General

Target

DonnyhubPremium.exe
Size

722KB
MD5

96ac5b2cad1603c928f67adb072f2b56
SHA1

e1991922d75fa487610d069ae5d52af6de428ee3
SHA256

2ceee86a0929373bf13009a06e0ed6ac359cac96f97a67de27e78b595a893d89
SHA512

84a1b261b87995d9e0c02451a344106edd43d021e6e112335bb294def6abdd6c89d606b355ddfe1797bb13ec24f7a18b6e265a691b9e9c6cd66f70ec686cf12f
SSDEEP

12288:lO7FJJ7gIgVj2du42aCrMP5IaAPD67w9rVJd7FtJ7gIDVj2du42a1:o7FJJMPRAu4fC45wu7wb7FtJMsRAu4f1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (8175) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 21 IoCs

Processes:

DonnyhubPremium.exe

description	ioc	process
File created	C:\Windows\SysWOW64\drivers\es-ES\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\ndiscap.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\ndiscap.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\wfplwfs.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\uk-UA\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\en-US\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\en-US\wfplwfs.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\en-US\ndiscap.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\wfplwfs.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\gmreadme.txt	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\ndiscap.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\wfplwfs.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\it-IT\wfplwfs.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\gm.dls	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\es-ES\ndiscap.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\ja-JP\NdisImPlatform.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\de-DE\wfplwfs.sys.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\drivers\fr-FR\ndiscap.sys.mui	DonnyhubPremium.exe

Drops file in System32 directory 64 IoCs

Processes:

DonnyhubPremium.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Dism\ja-JP\IntlProvider.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\windows.ui.xaml.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\shwebsvc.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\authfwgp.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\iscsiprf.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\msxml3r.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\PresentationHost.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\dot3svc.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\networklist\icons\StockIcons\office_16.bin	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\spp\tokens\skus\csvlk-pack\csvlk-pack-Volume-CSVLK-5-ul-oob-rtm.xrm-ms	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\en-US\qdvd.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\en-US\srmshell.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\NcdProp.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\uk-UA\xwizards.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\netnccim.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\de-DE\tapi3.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\Dism\es-ES\SmiProvider.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\cmdl32.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\GamePanel.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\en-US\pubprn.vbs	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\de-DE\xwtpw32.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\themeui.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\DevDispItemProvider.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\Printing_Admin_Scripts\es-ES\prncnfg.vbs	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_GroupResource\uk-UA\MSFT_GroupResource.strings.psd1	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\Speech_OneCore\Common\tokens.xml	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\wsp_fs.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\es-ES\netdacim.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\en-US\FirewallControlPanel.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\searchfolder.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\mswstr10.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\PresentationHost.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\wavemsp.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\fr-FR\wsp_fs.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\srms-apr-v.dat	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\netdiagfx.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\uk-UA\BWContextHandler.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\en-US\ipmiprv.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\NetAdapter\MSFT_NetAdapterHardwareInfo.Format.ps1xml	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\cs-CZ\APHostRes.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\p2p.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\iernonce.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\de-DE\xml.xsl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\en-US\APHostRes.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\quickassist.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\eapphost.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\Windows.System.Profile.HardwareId.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\tspkg.mof	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\it-IT\xwizards.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\DnsClient\PS_DnsClientNrptPolicy_v1.0.0.cdxml	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\en-US\adsnt.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\en-US\Ninput.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\UserDeviceRegistration.Ngc.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\mmcbase.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\fr-FR\regevent.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\sysprtj.sep	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\register-cimprovider.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\wbem\portabledeviceclassextension.mof	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\es-ES\tapi32.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\fr-FR\sndvol.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\it-IT\qedit.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\DSCResources\MSFT_RoleResource\en-US\MSFT_RoleResource.schema.mfl	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\cmmon32.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\SysWOW64\ja-JP\mycomput.dll.mui	DonnyhubPremium.exe

Drops file in Windows directory 64 IoCs

Processes:

DonnyhubPremium.exe

description	ioc	process
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-Help-ClientUA-Client-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1.mum	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSquare71x71.scale-100_contrast-white.png	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_10.0.19041.610_none_f3ce60a24f923bd1\AppXRuntime.admx	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-volsnap.resources_31bf3856ad364e35_10.0.19041.1_es-es_e392d40dd2fa8ccc\volsnap.sys.mui	DonnyhubPremium.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\DebugAndTrace.aspx.fr.resx	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_de-de_6988eb133eb82b0f\403-14.htm	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_b4fc93ef208f3edb\404-9.htm	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_c_fshsm.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_e70c9980bf906c51\c_fshsm.inf_loc	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..fests-onecoreuap-ds_31bf3856ad364e35_10.0.19041.1_none_cf4cf905f2728c42\feclient-DL.man	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-Client-Desktop-Required-Package~31bf3856ad364e35~amd64~de-DE~10.0.19041.1.mum	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-SmbDirect-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.mum	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-analog-h2-physicsplugin-baked_31bf3856ad364e35_10.0.19041.1_none_5fb69e670630e91d\presetbodyqualitydynamic.hbakedbodyquality	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..nager-efi.resources_31bf3856ad364e35_10.0.19041.1_zh-cn_944f6cce6f6c4efc\bootmgr.efi.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-microsoftedge_31bf3856ad364e35_10.0.19041.264_none_ef195f564f00d259\MicrosoftEdgeSplashScreen.scale-400.png	DonnyhubPremium.exe
File created	C:\Windows\PolicyDefinitions\en-US\Radar.adml	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-comdlg32.resources_31bf3856ad364e35_10.0.19041.906_ar-sa_347b1904099a2e4b\comdlg32.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-peerdist.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_6938a17ac67b89c3\PeerDistCleaner.dll.mui	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-Printing-Foundation-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.mum	DonnyhubPremium.exe
File created	C:\Windows\PolicyDefinitions\it-IT\Securitycenter.adml	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-Client-LanguagePack-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1.mum	DonnyhubPremium.exe
File created	C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe\assets\NarratorUWPSquare44x44Logo.targetsize-256_contrast-white.png	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-s..chservice-component_31bf3856ad364e35_10.0.19041.1266_none_2262e67641106c48\n\privacy-icon.png	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..ntscontrol.appxmain_31bf3856ad364e35_10.0.19041.423_none_6c3451a09cba3850\r\resources.pri	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-e..rtingcore.resources_31bf3856ad364e35_10.0.19041.1_es-es_b8cff57dd650fff2\wer.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ss-cemapi.resources_31bf3856ad364e35_10.0.19041.1_es-es_4afbfc44160c6440\cemapi.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-trkwks.resources_31bf3856ad364e35_10.0.19041.1_en-us_9b9048d121dce0b6\trkwks.dll.mui	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\HyperV-Host-Compute-PowerShell-Module-Package~31bf3856ad364e35~amd64~fr-FR~10.0.19041.1.cat	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-feeds-adm.resources_31bf3856ad364e35_7.0.19041.1023_en-us_92e01e3b6e60e6b5\n\Feeds.adml	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ng-legacy.resources_31bf3856ad364e35_11.0.19041.1_es-es_d5c41637ccd3c708\mshtml.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..rkmanager.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5baadb24c44a4de0\WiFiTask.exe.mui	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Multimedia-RestrictedCodecsCore-WCOSHeadless-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1.mum	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-w..ction-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_a38812e3fb8c217b\WindowsFileProtection.adml	DonnyhubPremium.exe
File created	C:\Windows\INF\printqueue.inf	DonnyhubPremium.exe
File created	C:\Windows\servicing\Packages\Microsoft-Windows-Printing-LPRPortMonitor-Opt-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_bth.inf.resources_31bf3856ad364e35_10.0.19041.1_en-us_0e7cbf1419145fa8\bth.inf_loc	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-aarsvc_31bf3856ad364e35_10.0.19041.1266_none_d7b5820f5a89765b\r\{A5A7C794-3D59-41DF-915F-19ACDA526FC9}1036.bin	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_dual_netwmbclass.inf_31bf3856ad364e35_10.0.19041.789_none_da7c52a020e37ab1\r\netwmbclass.inf	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..iagnostic.resources_31bf3856ad364e35_10.0.19041.1_de-de_ff7c6e957808c4bc\RS_ResetCacheSize.psd1	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..osoftedge.appxsetup_31bf3856ad364e35_10.0.19041.1_none_593baf0978e6233c\AppxBlockMap.xml	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-intl_31bf3856ad364e35_10.0.19041.746_none_8ae70fbf778841aa\intl.cpl	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..ormid-wmi.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_9ff1c01901bd5207\platid.mfl	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_hidbatt.inf.resources_31bf3856ad364e35_10.0.19041.1_de-de_74ae0828c14bdebf\hidbatt.inf_loc	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-Common-Foundation-Package~31bf3856ad364e35~amd64~es-ES~10.0.19041.1.mum	DonnyhubPremium.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\Images\SIMLockToast.scale-125_contrast-black.png	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_dual_netv1x64.inf_31bf3856ad364e35_10.0.19041.1_none_610125f2128c067d\netv1x64.inf	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_c_fsopenfilebackup.inf.resources_31bf3856ad364e35_10.0.19041.1_es-es_2a727c323385f246\c_fsopenfilebackup.inf_loc	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..r-desktop.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_16e74a125d12c3b6\Windows.Internal.CapturePicker.Desktop.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_10.0.19041.1_es-es_12451df02dbd2879\403-17.htm	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-n..quickstart.appxmain_31bf3856ad364e35_10.0.19041.423_none_72535ca9b59a9515\NarratorUWPStoreLogo.scale-125_contrast-black.png	DonnyhubPremium.exe
File created	C:\Windows\PolicyDefinitions\de-DE\UserExperienceVirtualization.adml	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-startclient_31bf3856ad364e35_10.0.19041.906_none_90cded0a0d05b2be\iisstart.htm	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-u..ationcore.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_ea7c2b5af66df4d1\UIAutomationCore.dll.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-wlansvc.resources_31bf3856ad364e35_10.0.19041.1_en-us_f3b6977e3578692c\wlansvc.dll.mui	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Hyper-V-Offline-Common-merged-Package~31bf3856ad364e35~amd64~uk-UA~10.0.19041.1.mum	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-OneCore-Containers-Package~31bf3856ad364e35~amd64~ja-JP~10.0.19041.1.cat	DonnyhubPremium.exe
File created	C:\Windows\servicing\Packages\Microsoft-Windows-Client-Desktop-Required-Package0513~31bf3856ad364e35~amd64~~10.0.19041.1266.cat	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-qedit.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_015f8cb0719095ad\qedit.dll.mui	DonnyhubPremium.exe
File opened for modification	C:\Windows\servicing\Packages\Microsoft-Windows-Embedded-KeyboardFilter-WOW64-Package~31bf3856ad364e35~amd64~en-US~10.0.19041.844.mum	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..lsmonitor.resources_31bf3856ad364e35_10.0.19041.1_de-de_ffe11baaf5b2db1a\WpcMon.exe.mui	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-store-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_e3fb8d4b04bff205\WindowsStore.adml	DonnyhubPremium.exe
File created	C:\Windows\Microsoft.NET\Framework\v4.0.30319\ASP.NETWebAdminFiles\AppConfig\App_LocalResources\AppConfigHome.aspx.it.resx	DonnyhubPremium.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\manageSingleRole.aspx.fr.resx	DonnyhubPremium.exe
File created	C:\Windows\SystemResources\Windows.UI.Shell\Images\RequestedDownloadsCloudIcon.contrast-black_scale-125.png	DonnyhubPremium.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-adminmmc.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_aa7d9df4e8a65bde\nfscommgmt.dll.mui	DonnyhubPremium.exe

C:\Users\Admin\AppData\Local\Temp\DonnyhubPremium.exe
"C:\Users\Admin\AppData\Local\Temp\DonnyhubPremium.exe"
1⤵
- Drops file in Drivers directory
- Drops file in System32 directory
- Drops file in Windows directory
PID:3640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3640-1-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3640-0-0x0000000000860000-0x000000000091A000-memory.dmp

Filesize
744KB

Download
memory/3640-2-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/3640-3-0x0000000005A70000-0x0000000005AD6000-memory.dmp

Filesize
408KB

Download
memory/3640-12-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/3640-13-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/3640-14-0x0000000009F00000-0x0000000009F38000-memory.dmp

Filesize
224KB

Download
memory/3640-15-0x0000000009EC0000-0x0000000009ECE000-memory.dmp

Filesize
56KB

Download
memory/3640-2132-0x0000000075330000-0x0000000075AE0000-memory.dmp

Filesize
7.7MB

Download
memory/3640-3309-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/3640-3888-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download
memory/3640-3889-0x0000000005240000-0x0000000005250000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads