c8f78eedd5ec162032c0d9eae6b3262135b0034fde72933f4d996928b1381c74

Analysis

max time kernel
151s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 19:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
Size

220KB
MD5

49e4ddd3f1cb2dba26209ceb7dc3c550
SHA1

5bef8b2009dcb789f33b372e70b58475a18ee5ba
SHA256

c8f78eedd5ec162032c0d9eae6b3262135b0034fde72933f4d996928b1381c74
SHA512

a04f6f7e43a1ce375f95a50b37163723417e7acb23fed8f76db15770d04fd6df95dd42f958a1cda9e95141e5154ce52c9d989972f373870974efba72b6ce4d5a
SSDEEP

768:W7BlphA7pARFbhKKVeIuKVeIBt+OKObYhnKhnZS+BHvHJ:W7ZhA7pApBt+OKOsZKZZS2HvHJ

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (220) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\CheckpointHide.tiff.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.tmp	49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe

C:\Users\Admin\AppData\Local\Temp\49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\49e4ddd3f1cb2dba26209ceb7dc3c550_exe32.exe"
1⤵
- Drops file in Program Files directory
PID:2412

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3185155662-718608226-894467740-1000\desktop.ini.tmp

Filesize
221KB

MD5
f3e680e4c117380b9fac0d0783012e5c

SHA1
c27122ab12fc6232232b4da9a10a3d6c96bfa5ad

SHA256
db757c25652f252ef11870b1f16f156afbd8538bb1eaf0b2256dd65f28bd8416

SHA512
fcd2663729845be869aef91a4b4f46cc7d6934d83ef3a7599f1414a50959f293a17111279057e08cb56872b9d05251fdfbc9756dc5d93814defd71ec3ceae218

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
229KB

MD5
f7fe0771fc7d3f77e3077239593de2cf

SHA1
f27ac91b17bd2a5253bd3ce3426da42620b7e1da

SHA256
269791868ad7199cc0fd6ceafce9952c9fa11bda4c1932b6c77b842970cfd965

SHA512
c4583773be5cf3adafdff8b07ef2c523dd2dd5587a503739913e3e80bb7da94b951df0ba2157dcc0fb71f9aac86439a5102886c1d7771c6a53c939c8eb3fc9f1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads