db19481544f2a77a6b184c8ffa2ea729cafb0fe905b32836ef8ebfc10a170a9c

Analysis

max time kernel
119s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 00:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ad2c2ad4abee901df8ec84e35cd43b0N.exe
Size

71KB
MD5

2ad2c2ad4abee901df8ec84e35cd43b0
SHA1

164a797aa634c32512765e88c6053479ce91a20d
SHA256

db19481544f2a77a6b184c8ffa2ea729cafb0fe905b32836ef8ebfc10a170a9c
SHA512

63450e2f053ca9bf0fd24b4c0aa28942c4d092f84c9a20e95f383dfafc03cc5c77fad8aef8b89733f75a63ec7de0bd27f2956d20e6a6039733f4aa42bae10536
SSDEEP

1536:/7ZQpApze+eJfFpsJOfFpsJeFrxFrTPG0PGN:9QWpze+eJfFpsJOfFpsJ0rDrTPxPW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (314) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\offset.ax.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	2ad2c2ad4abee901df8ec84e35cd43b0N.exe

C:\Users\Admin\AppData\Local\Temp\2ad2c2ad4abee901df8ec84e35cd43b0N.exe
"C:\Users\Admin\AppData\Local\Temp\2ad2c2ad4abee901df8ec84e35cd43b0N.exe"
1⤵
- Drops file in Program Files directory
PID:2436

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
72KB

MD5
28bad7ae2000610bff4e80a410ff27d0

SHA1
d61360d6a31a507e8dc897511284c79796ca6ac3

SHA256
0e75826d620005c808e677b2f5414def482f8304b514ea90679c515d20682ba6

SHA512
5b51b416e70091d5b9cbb550ad4b7df4588b6f86259f477dc5986e985ccacc3258d9c96fa82b11b24b53e67a6185fd44ff9f01403b95a160a392b84714d44e14

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
81KB

MD5
549d23ed5c14f02e21bc1432941179d8

SHA1
f133206a5742f3b115bddda137c1d5ccc3e87d5f

SHA256
4e90fabd6e446e30cb705c125edec181c6d90d79fce5eb791e4ff76f19b1855c

SHA512
d978b03f59553ef25572912c1023a86e80df6f003e461dd814d4139cf34400c7d5e1a64968af09106c8b46c2e6111a132e5bdf120129a1c0c59c7741e5be0b08

Download Submit
memory/2436-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2436-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads