19143ce045042399b205cb5637ab715051a2ab0cc1b668b21e9c05103781ff8d

Analysis

max time kernel
174s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 18:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
Size

248KB
MD5

b8d6b3dacdce9c218d3d1ff1debdb66b
SHA1

e9f835957c06020eb5e4c565f566628eab05b713
SHA256

19143ce045042399b205cb5637ab715051a2ab0cc1b668b21e9c05103781ff8d
SHA512

fac2b0c9f1a16f39859c9cdcea1b20d5bd27fa2937e0d76346c78a28616ae5dc690a0091a3ff320a06060ab8b9ec0f0bd63933aa629cc7c6eea6a73375a6b527
SSDEEP

1536:W7ZhA7pApaX0aX09rDVMFDwU5LenTpnDr5LenTpnDRSfuYauo:6e7WpGlCK0o

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (219) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\ClearShow.contact.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrusash.dat.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe

C:\Users\Admin\AppData\Local\Temp\b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe
"C:\Users\Admin\AppData\Local\Temp\b8d6b3dacdce9c218d3d1ff1debdb66b_JC.exe"
1⤵
- Drops file in Program Files directory
PID:3916

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1926387074-3400613176-3566796709-1000\desktop.ini.tmp

Filesize
248KB

MD5
ad07ddd35e93f40e9defb5d0685f4c44

SHA1
4da394071966b32c6d088e9ba861f864f0874790

SHA256
df125dfcacab0419e272f862bf770f702708a22b2d8c060f6e5ca3ccf81f18d1

SHA512
1748244f039778944a83369ce26df6e9b69501e43811f66467e3e819ea14f584787afa66e5d91d079ef3d8736e4c172835f98e7fb664b4296230d26129cd90b9

Download Submit
C:\odt\config.xml.tmp

Filesize
249KB

MD5
d5d46b7713db899aa7dd868bcf68a061

SHA1
d8a5e13cf73afc3f846eb528477b4865c4628742

SHA256
8557dcefbf9711a60224ee9f260747b49b995f73722f45efeeedd342b0aa74c7

SHA512
93abd743bc793ff2f780da73cfa8aa5837752ec940eb93e62a00b0c0bbb6ddeb1b7cabc686e5007eafba318c5b815e6511cdbf3de565b9e1552c4ed8b45a664f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads