a610d5b1c1784b463e592fb4bf21eff3977fdf23b8e003fa298d67214d8a7d58

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 18:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
Size

100KB
MD5

1e5db7f8ca789380146c5072f4b2a330
SHA1

231b4c084dd0d23547b9866e39b1667f73fe036e
SHA256

a610d5b1c1784b463e592fb4bf21eff3977fdf23b8e003fa298d67214d8a7d58
SHA512

6dd5abe9c723721f138157291b4ec49be0f8e611294e65e5cd51b4eee3510c471b9513df6a18be6666e549efc84ae3c8a15fba07f3c37bf2d6cbf355024059b1
SSDEEP

1536:W7ZQpApfytyxsks0DjjOHepOHeWjCj4OHepOHes:6QWp1sksE

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (230) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipTsf.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\CheckpointSelect.mp2v.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\desktop.ini.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\DVD Maker\directshowtap.ax.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\DenyRemove.mov.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.tmp	1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe

C:\Users\Admin\AppData\Local\Temp\1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe
"C:\Users\Admin\AppData\Local\Temp\1e5db7f8ca789380146c5072f4b2a330_exe32_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2180306848-1874213455-4093218721-1000\desktop.ini.tmp

Filesize
101KB

MD5
5340488eddb9d61367a9e4ef45e00649

SHA1
f3dbbcbe1fd49ee68f7f00059e3c54901b4e8b65

SHA256
163bcbb5d59c886b56322f317ae0fa864881a65246a4b740851f603ae4de0f73

SHA512
36dba910c534289b08691d708862bd2d5b3703b9636e0bae9bd5aec6a00292c277a3568d20ac0c657a41d7c3806e1b55c9d07331c966aebf655f8187d3e18f3f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
110KB

MD5
f3c8a3f93c37751a3b8f75e87556638f

SHA1
89dd262f142f066981841736cfd387376e585251

SHA256
079d5ffe0e7a70aa136450eda078a7ed1faf48623bd6d10bf513d9dd9c47bd1f

SHA512
49c18537d01e1c0b1b6a44d3152d99a36647d7e88bb0b3e44f79e77dc7dcad2ee16fdb976fef99581b92091f18dc357b4fe6ba3c92fea09adaa8e6951189b3fe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads