f1c3d926b6170c9f234aaba3918eb40604d80be6cbfa2b5f73568558d78520fc

Analysis

max time kernel
120s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 11:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abebf59bd0cd3bd0274e2c89c0047a80N.exe
Size

38KB
MD5

abebf59bd0cd3bd0274e2c89c0047a80
SHA1

0ee0609dbb32ee9d568ac9385a6893c862a508f9
SHA256

f1c3d926b6170c9f234aaba3918eb40604d80be6cbfa2b5f73568558d78520fc
SHA512

a5ab0660cf6ce903107d7cf19d86036cd77d0947d6309b52809359b3f64ba13b56bd90a96d84be7806829cd041903542dec5b4ba3297b79a9493f236aaf8ddc8
SSDEEP

384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KJlHlt:/7BlpQpARFbhq1KJlHlt

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (328) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Internet Explorer\en-US\eula.rtf.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\SecretST.TTF.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipschs.xml.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	abebf59bd0cd3bd0274e2c89c0047a80N.exe

C:\Users\Admin\AppData\Local\Temp\abebf59bd0cd3bd0274e2c89c0047a80N.exe
"C:\Users\Admin\AppData\Local\Temp\abebf59bd0cd3bd0274e2c89c0047a80N.exe"
1⤵
- Drops file in Program Files directory
PID:2316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
38KB

MD5
11b0e7e43879e5927d6f2041d9834e8c

SHA1
770a7f15a3a56604ad98daf3f5eee2e8157d4a97

SHA256
2cdd9bc3c55c161f02c25227a6d9c4341b7508c82ffe3842c3d08cefb9962eb5

SHA512
ec69d54667930d36f0a914c4abca53222b24492d6144fb6d62d9a3e9974d8cab1832e2951617f22640f5791bbbe20322e06f2c287074494ff10fcc29f9c99a9c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
47KB

MD5
340ae43eae16acde1d964a720aeb0d75

SHA1
04090b651f9936f134fae651c319290c5d52ac7b

SHA256
3cab51a8f90d0ea48ac2e645418e6bb2b083c06274d55b2da76062ee79e69d30

SHA512
74ae6b7ef309eb853a0c3f7d29032c24ef8ae73cd65db3beb82862826920b1267f694a1ca66f39260b99aef627fdbfec34b0c6c7d13d62e861a1a0e6aebc24c3

Download Submit
memory/2316-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2316-68-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads