20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
31/05/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
Size

58KB
MD5

45870a2f839848087d70cba93f507b52
SHA1

ef8d04cee783229445c3904aa093ad3af8288b4d
SHA256

20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20
SHA512

1802f5f5c8606c1daa275efab11a31996ffb6479096033fff1c2d992643395667ad396efce7407d7d201ac93a00e1ec83cbf7ae0f5ca98149ad183ed6d69cb57
SSDEEP

768:W7BlpNLpARFbhblkYlkrt8PWGoPWGqMs1MsR5nd5nGrA:W7ZNLpApCZrt8PWGoPWGANdNh

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (592) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Internet Explorer\en-US\jsdbgui.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.ini.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png.tmp	20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe

C:\Users\Admin\AppData\Local\Temp\20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe
"C:\Users\Admin\AppData\Local\Temp\20b4cefaaa5f7a75fe5f7f259a1114654e0d1bb100a49e3cb9039e2b81416c20.exe"
1⤵
- Drops file in Program Files directory
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
58KB

MD5
a963cefe7d03e486eba2e418dcf40135

SHA1
15d2fe420566751fe5dd01cddb9c649bd7b9d4f1

SHA256
a10645ba2a52d71ec0c10d9ecf973b4d97df63e0db369d1c47171485bc17dc2f

SHA512
c29990cca43b70c6bc1c9fb193629234bd57bde995d2821e40afc91c36c43bd22211dd1de408f362b7a2ecf0797c5acbfd17e6422f43f4346b0d2a3bf43fbd76

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
67KB

MD5
c14c5fc55f5a9648422af795775b0afa

SHA1
9136a9008c57724396df39aab653a4073c2e2c2b

SHA256
80f4dd7f52800c596446f1f418d4cd3924e365c462ec5026cbcfecb92dcaa425

SHA512
3e3f646bdec858257dee0f30e4cda5d3849202e3d73a82cbe853004d5677d92eb9e290acb2064146d0d6105a5bda0681fe21b9e994e7cf59fa04a262ecc673d8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads