df310fcb510c39b3f6a2cf0da1645654faf56d811c30690fcf5daa21a734008e

Analysis

max time kernel
120s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 16:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e6864330dd4a1578af1b7cba23e1afa0N.exe
Size

89KB
MD5

e6864330dd4a1578af1b7cba23e1afa0
SHA1

13bac9b0749f79e5fa580ade89bf0136789ecdad
SHA256

df310fcb510c39b3f6a2cf0da1645654faf56d811c30690fcf5daa21a734008e
SHA512

df7c00deebddf83392400feb3763b4ed987dc4bc82e6d897bc1ffbe2038070e7f7135630a5c62f586647bcd740419f685d8c4dbf4d7bd3f88f108a3dfc14289a
SSDEEP

1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888Z:9QWpze+eO8888888888888888888888A

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (325) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	e6864330dd4a1578af1b7cba23e1afa0N.exe

C:\Users\Admin\AppData\Local\Temp\e6864330dd4a1578af1b7cba23e1afa0N.exe
"C:\Users\Admin\AppData\Local\Temp\e6864330dd4a1578af1b7cba23e1afa0N.exe"
1⤵
- Drops file in Program Files directory
PID:2532

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
89KB

MD5
a16dc9506d067be132a43739ea808dea

SHA1
983b74d262df893d5716db5ae6d06fb2e42d5526

SHA256
e0716297d5fdc69aa7f2a373ea277433a4b2fe793204f262f3046a0012a4f865

SHA512
a20df27b8a0e13c44ca7bb3bddc81a0bec695cddf5c1f9955c99dd6e4a0bbbff3dabe88630eb7eb8dfecb9c7617ce55a529de1c6fb99728dfd750eef139b6be2

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
06fd07d2d63698a4b038e83a80c4d338

SHA1
9e8995af38331f7b21d6db5f7525ac8e790e284d

SHA256
9d1819d82fddcaf53fee931c2c69dc3f75ab52ff529cd811dcf8b24217c35fb1

SHA512
f45bba4e22e540894d559c18988b2e5d3ffc2a0db301363c50499535c43bfe2aab94edf88a2a2755e4eb687887845c116aafd0ed738df06e918f316492539ec6

Download Submit
memory/2532-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2532-74-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads