04261ad99ea59c0c8e25c8557260fc804cdab5aada2e420e41fa0898a006aaa0

Analysis

max time kernel
120s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 01:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39d17391870adcc51d3bde42aae83650N.exe
Size

148KB
MD5

39d17391870adcc51d3bde42aae83650
SHA1

ec68b46d30c5856a52edd999413fadc17aba064b
SHA256

04261ad99ea59c0c8e25c8557260fc804cdab5aada2e420e41fa0898a006aaa0
SHA512

7d7c5595805f4622010508ec45b31f7b0eb7e798bc34460f2fad7c6fbaefe226df1f0005a2041811a31391eebf9de81d36573610fae43c7ceab7acb5f00a62d1
SSDEEP

1536:W7ZhA7pApH1++PJHJIOSIP7ZhA7pApH1++PJHJIOEOHdSg:6e7Wp1He7Wp1H

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (243) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\System\msadc\msadcer.dll.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DisconnectSkip.rtf.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	39d17391870adcc51d3bde42aae83650N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.tmp	39d17391870adcc51d3bde42aae83650N.exe

C:\Users\Admin\AppData\Local\Temp\39d17391870adcc51d3bde42aae83650N.exe
"C:\Users\Admin\AppData\Local\Temp\39d17391870adcc51d3bde42aae83650N.exe"
1⤵
- Drops file in Program Files directory
PID:2728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
148KB

MD5
817e967b1039b07cb5f435af5474c702

SHA1
9488ec010c778a333505a86a87928d8a4057d2dd

SHA256
0b74a807713b8ec5b57412044f9a665219b0d68ce5da0d97a7b91474d120d65c

SHA512
af1457818f6730d067d04541e826c50cb1604e3c4251071cadd36aedff954f892e38de0898e2233e4f9c3e8db938543f1af3a9ed439d3877b5a3a2efc769a28b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
157KB

MD5
cffee397c53dbd5d3d29137b5ef518c1

SHA1
8aaef719ef72da3e9dc68454ba32b557d663c959

SHA256
bd74454dab4cda61a38a69e150805c115f5e773117a96b2a22e38443c0215b1e

SHA512
0519e0525449fe9057280d0f65c3d0d51321ff88cd6b885583f6ee95701c7a579a67fde980c06d7481f4edc9da13bb2675ab692beef9c0ba8dad9a84d3b414d2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads