f56f8f938febb9ebade541493d3c9ea9bf64dfa78597e2ec9dba545e9afb1578

Analysis

max time kernel
30s
max time network
17s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-05-2024 00:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DonnyhubPremium.exe
Size

722KB
MD5

34e3ccf886e1321131be0ea9e28d16ac
SHA1

545343c4298a6fa9a8e4350be6b0ef1dedfeafe0
SHA256

f56f8f938febb9ebade541493d3c9ea9bf64dfa78597e2ec9dba545e9afb1578
SHA512

ee305fc82b7e2f868a11b585861f239c7d27d149a82a483b2154f71230c4e3e94f26dd10036a2045f1a01b9f265210bbda5a18919a3b38352d729457068ae464
SSDEEP

12288:BO7FJJ7gIgVj2du42aCrMP5IaAPD67w9rVad7FtJ7gIDVj2du42a1:U7FJJMPRAu4fC45wu7we7FtJMsRAu4f1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (547) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Themes\Aquarium\aquarium_12c.png	DonnyhubPremium.exe
File created	C:\Windows\diagnostics\system\Video\utils_SetupEnv.ps1	DonnyhubPremium.exe
File created	C:\Windows\INF\rawsilo.inf	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.DesktopAppInstaller_1.0.10252.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-60_altform-unplated_contrast-black.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-30_altform-unplated.png	DonnyhubPremium.exe
File created	C:\Windows\Help\Windows\ContentStore\de-DE\windowsclient.mshc	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\SmallTile.scale-100.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\Fues\Texture_bg.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.OneConnect_2.1701.277.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OneConnectAppList.targetsize-64.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-80_contrast-white.png	DonnyhubPremium.exe
File created	C:\Windows\Fonts\dos869.fon	DonnyhubPremium.exe
File created	C:\Windows\diagnostics\system\Audio\RS_NotDefault.ps1	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo1.targetsize-36.png	DonnyhubPremium.exe
File created	C:\Windows\ImmersiveControlPanel\Settings\AAA_SystemSettings_Display_Duplicate.settingcontent-ms	DonnyhubPremium.exe
File created	C:\Windows\ImmersiveControlPanel\Settings\AAA_SystemSettings_Misc_RollbackYourPC_Windows8_1.settingcontent-ms	DonnyhubPremium.exe
File opened for modification	C:\Windows\INF\urssynopsys.PNF	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditRichCapture.contrast-white_scale-200.png	DonnyhubPremium.exe
File created	C:\Windows\ImmersiveControlPanel\Settings\AAA_SettingsGroupPCSystemDetails.settingcontent-ms	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\LinkedInboxWideTile.scale-150.png	DonnyhubPremium.exe
File created	C:\Windows\INF\ndiscap.inf	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Arkadium.Win10.DailyChallenges\Assets\badge-animation_2.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\1914_20x20x32.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\2475_40x40x32.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_MouseNose.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarAppList.targetsize-20.png	DonnyhubPremium.exe
File created	C:\Windows\INF\netathr10x.inf	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\glow.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\WideTile.scale-100.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-40.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\giggle.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Microsoft.CameraApp.Native.winmd	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-60.png	DonnyhubPremium.exe
File created	C:\Windows\Help\mui\0411\odbcinst.chm	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\3009_40x40x32.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-250.png	DonnyhubPremium.exe
File created	C:\Windows\Media\Windows Hardware Remove.wav	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\Office\Emboss.scale-100.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Lumia.ViewerPlugin\Assets\IconEditRichCapture.contrast-high_scale-100.png	DonnyhubPremium.exe
File created	C:\Windows\Fonts\segoeprb.ttf	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.contrast-white_targetsize-256.png	DonnyhubPremium.exe
File created	C:\Windows\Fonts\sserifeg.fon	DonnyhubPremium.exe
File created	C:\Windows\INF\wiaep003.inf	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookWideTile.scale-200.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\gu_16x11.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-100.png	DonnyhubPremium.exe
File created	C:\Windows\ImmersiveControlPanel\Settings\AAA_SystemSettings_Devices_Pen_EnablePenWorkspaceAppSuggestions.settingcontent-ms	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Getstarted_4.5.6.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-16_altform-unplated_contrast-black.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\GamePlayAssets\Localization\localized_ZH-HK.respack	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\dj_16x11.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\in_16x11.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsStore_11701.1001.87.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionMedTile.scale-125.png	DonnyhubPremium.exe
File created	C:\Windows\ImmersiveControlPanel\Settings\AAA_SettingsPageActivate.settingcontent-ms	DonnyhubPremium.exe
File opened for modification	C:\Windows\INF\pci.PNF	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.BingWeather_4.18.56.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\1.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.Windows.Photos_16.511.8780.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\PhotosAppList.scale-100.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-300.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.ZuneVideo_10.16112.11601.0_neutral_resources.scale-125_8wekyb3d8bbwe\Assets\SmallLogo.scale-125.png	DonnyhubPremium.exe
File created	C:\Windows\InfusedApps\Packages\Microsoft.WindowsCamera_2017.125.40.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-black_targetsize-72.png	DonnyhubPremium.exe
File created	C:\Windows\Cursors\size2_rl.cur	DonnyhubPremium.exe
File created	C:\Windows\Fonts\mmrtext.ttf	DonnyhubPremium.exe
File created	C:\Windows\INF\wsynth3dvsc.inf	DonnyhubPremium.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2912	DonnyhubPremium.exe

C:\Users\Admin\AppData\Local\Temp\DonnyhubPremium.exe
"C:\Users\Admin\AppData\Local\Temp\DonnyhubPremium.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of FindShellTrayWindow
PID:2912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2912-0-0x000000007393E000-0x000000007393F000-memory.dmp

Filesize
4KB

Download
memory/2912-1-0x0000000000130000-0x00000000001EA000-memory.dmp

Filesize
744KB

Download
memory/2912-2-0x0000000073930000-0x000000007401E000-memory.dmp

Filesize
6.9MB

Download
memory/2912-3-0x0000000005030000-0x0000000005096000-memory.dmp

Filesize
408KB

Download
memory/2912-12-0x0000000073930000-0x000000007401E000-memory.dmp

Filesize
6.9MB

Download
memory/2912-13-0x000000000A580000-0x000000000A5B8000-memory.dmp

Filesize
224KB

Download
memory/2912-14-0x0000000073930000-0x000000007401E000-memory.dmp

Filesize
6.9MB

Download
memory/2912-747-0x000000007393E000-0x000000007393F000-memory.dmp

Filesize
4KB

Download
memory/2912-750-0x0000000073930000-0x000000007401E000-memory.dmp

Filesize
6.9MB

Download
memory/2912-759-0x0000000073930000-0x000000007401E000-memory.dmp

Filesize
6.9MB

Download
memory/2912-760-0x0000000073930000-0x000000007401E000-memory.dmp

Filesize
6.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads