dae67cc14c1fb94b511513320641a9a52d7a189e7b82298a6705613ab220ec2b

Analysis

max time kernel
120s
max time network
16s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a00b6d3f62dd2bb1a29d0b87e9806830N.exe
Size

32KB
MD5

a00b6d3f62dd2bb1a29d0b87e9806830
SHA1

13aaa70244f8f9a2a08c6b0114bb6df56a455944
SHA256

dae67cc14c1fb94b511513320641a9a52d7a189e7b82298a6705613ab220ec2b
SHA512

7b572b826a5faa3181ebbd7a79a132286962e604aaff77383e700e936ef6ecb3f8ede50440dc612b0b57d3a8892b3d96ab7d64d11274d658211d81e319c1c98d
SSDEEP

384:GBt7Br5xjL9AgA71Fbhv7bhvYYjYHUyYCyYBYU/:W7BlpppARFbhjbhQYjY0yYCyYBY0

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (335) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.tmp	a00b6d3f62dd2bb1a29d0b87e9806830N.exe

C:\Users\Admin\AppData\Local\Temp\a00b6d3f62dd2bb1a29d0b87e9806830N.exe
"C:\Users\Admin\AppData\Local\Temp\a00b6d3f62dd2bb1a29d0b87e9806830N.exe"
1⤵
- Drops file in Program Files directory
PID:2884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
32KB

MD5
ec9f0e1205ff29372c7c1d84bf1f32a3

SHA1
64964e1aa5d68c472a4a0bc02f537b6560d0f159

SHA256
a249437b366078826c24ac5bb36f864094948bd8d9e5c6e5926cf4dcee02ee48

SHA512
3fd2835cb14174d4cb4d242a95403c5eb77fadf5715fae161e29f30b97707b981be51a000bb083c1fd9f05bde6637b2842b1bffeb2936a03fa2b4aee44d7f1bc

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
41KB

MD5
6e86e69e055703f8bc719c60f5a9521c

SHA1
051fe7514fd79f4c468489ffd242fb7e4d1f6f48

SHA256
61ce3901edc9f6bcc6ca9647f4a93abe13f7dd776660c1dadc947f85d1506697

SHA512
4b123f8c3891d51dfb538bd93a3583052a29a764bc31b72f93673cf7475548bac9bc0ada0483a5ef19c6820b515cc1b67d3ca63ed15e2343aec8873e9d9601a0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads