19143ce045042399b205cb5637ab715051a2ab0cc1b668b21e9c05103781ff8d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12-10-2023 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
Size

248KB
MD5

b8d6b3dacdce9c218d3d1ff1debdb66b
SHA1

e9f835957c06020eb5e4c565f566628eab05b713
SHA256

19143ce045042399b205cb5637ab715051a2ab0cc1b668b21e9c05103781ff8d
SHA512

fac2b0c9f1a16f39859c9cdcea1b20d5bd27fa2937e0d76346c78a28616ae5dc690a0091a3ff320a06060ab8b9ec0f0bd63933aa629cc7c6eea6a73375a6b527
SSDEEP

1536:W7ZhA7pApaX0aX09rDVMFDwU5LenTpnDr5LenTpnDRSfuYauo:6e7WpGlCK0o

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (143) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe

C:\Users\Admin\AppData\Local\Temp\b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
"C:\Users\Admin\AppData\Local\Temp\b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe"
1⤵
- Drops file in Program Files directory
PID:3024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-686452656-3203474025-4140627569-1000\desktop.ini.tmp

Filesize
248KB

MD5
2362459ce4415ba87f0bc023a7f0d8ee

SHA1
599a34c9f62e431330c4fa447dd5b4a8830525a9

SHA256
8224c3d0cfd1c102a809ed53276b9903bf9f491f3f124dcbc5a805d0aefd6bde

SHA512
ab58aa1041d535a29653006586d45b16465b014274adf514c28e9922aed60a2bf8526c017d24efcb3fd1bf7b6e8f68f4a492d2969d9f11fdc58e23ee54d0f132

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
257KB

MD5
8abe3e1d0f7aee3127c6c0a249f92f8a

SHA1
a5807c954c2b4b6059b28283fc5c1188a13e7196

SHA256
7770285004b8266892cb24efcd79a0568e108007be9d9635a1340a46b914d133

SHA512
e044da65d7931098a23365b88da97f992205cf7034626fff59d8f332d93c60f1d74d4bf16bcf0214868f1b6be7b1bbeadaff6dffbb8df1af7b1a8ac6e7649a18

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads