3141496085fccc64a14bdc3e12097a1d6de960dd2a89838e5946007da0916967

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
19/07/2024, 07:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6e53dfb993aaf6939ce779294d500a10N.exe
Size

100KB
MD5

6e53dfb993aaf6939ce779294d500a10
SHA1

3c90749c584167efdbafdbf32cc746d4a68a1fb0
SHA256

3141496085fccc64a14bdc3e12097a1d6de960dd2a89838e5946007da0916967
SHA512

dbc5ee8690df2681e74581b0678953de9f333c4b43d77da405c5400dd24d80fee7a48d59900b52e17e3c6f4b074f790110201ef67e84804d80c2241b1bea13c8
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB5:PqFF2Ie+eFa0m

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (327) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png.tmp	6e53dfb993aaf6939ce779294d500a10N.exe

C:\Users\Admin\AppData\Local\Temp\6e53dfb993aaf6939ce779294d500a10N.exe
"C:\Users\Admin\AppData\Local\Temp\6e53dfb993aaf6939ce779294d500a10N.exe"
1⤵
- Drops file in Program Files directory
PID:2064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
100KB

MD5
b50797b24f65545dc781917db6a0b9b0

SHA1
73d6bb37bc3e1c4a7746edb8c87649335c9a45d2

SHA256
2666ec267d63f036b284d8d4908bc18940f8f59538e09923ef4cd1c7ab0cf72b

SHA512
73a674be1ac2c5db4e9bff70587a6c59dbf5f012cec9aaa61c4bac1fdc1884e71198c1421c9a3e74ecf8ffd38fe7af3d71b4bbbb93bc455cd54d915d731ebed4

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
109KB

MD5
282db4deb6383c22bcdc4793ce65f472

SHA1
00deab18f664b18009fd837d7542b0b12173c023

SHA256
4a4cd802e6ebe28b811326cb102a6abe24acd4fa4c5814e1630b30148ea4e7b2

SHA512
3879426949434c7412a53cc25ef25bb505cda2ce1b005e877fcfc00fdb0d10b7c03bace1906d6f6cfb3fb9f84ba56e11597571baf167037ed468a208e77552ff

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads