4c4b8561e3b5c6ce4e4345b6bcdfc0049b61ede66901af222eedf2d49e7313df

Analysis

max time kernel
151s
max time network
131s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2650b58f711499b02e39f1d35356faa0.exe
Size

48KB
MD5

2650b58f711499b02e39f1d35356faa0
SHA1

7b3c98e4fb728b1f922f03b81772071e7f922a5e
SHA256

4c4b8561e3b5c6ce4e4345b6bcdfc0049b61ede66901af222eedf2d49e7313df
SHA512

4c62ae02a7127e5b2ed34c66b0889df64270cb78ee09a27244800eff80b1c6b0a3d2b89dd6d6b0fa886204eb80909e3d776586450bb4d638a11c364ba3916c04
SSDEEP

768:W7BlpNLpARFbhblkYlkuvIYFdHYylSEF/MF/4:W7ZNLpApCZuvIYXHYgl2A

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (425) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.tmp	2650b58f711499b02e39f1d35356faa0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.tmp	2650b58f711499b02e39f1d35356faa0.exe

C:\Users\Admin\AppData\Local\Temp\2650b58f711499b02e39f1d35356faa0.exe
"C:\Users\Admin\AppData\Local\Temp\2650b58f711499b02e39f1d35356faa0.exe"
1⤵
- Drops file in Program Files directory
PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
49KB

MD5
d5ca75347e478a84067e13de28e66c44

SHA1
afc8a7caca530ecba214ad4d9f24dd5e18718017

SHA256
c9fe7a298dc32a252b0a3542215b83be6340fbda769193d5425c4c36777a3f22

SHA512
d201f14423ffdba23f62c63f880287f5d6306cd5acd526fc9039e24c888c329c5d20a0d2d8d081c3fbd565bb8443cb11d65200d42d51dcb4da4faf4da2de7739

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
58KB

MD5
3518fd4f6aad36525d1e14074edeebb6

SHA1
3cafde151ff18c1ff4c7cc1043f5ccaac679f6f8

SHA256
573e74681065a480afd96b7bfe72f3c71da1435193ba3b0bf6fa7f45d3d5327a

SHA512
57d6a829ee085688ea8b31727b7424ef70559a0bcacf874ddda5dfd24eaaa704f1e9761c3f2b00fa8f4331af81e0395cebb33eb0051d452ef697ba3e4c0956ea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads