1bf43da21dbf81a7cddcc352c18f0601a1d86d594ae392c3c3718aabde114c92

Analysis

max time kernel
8s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f310f134416bf943b5c0e0ba69bdf999.exe
Size

82KB
MD5

f310f134416bf943b5c0e0ba69bdf999
SHA1

dc36c06540b0219ef9a10090d3e19474b7bf00e4
SHA256

1bf43da21dbf81a7cddcc352c18f0601a1d86d594ae392c3c3718aabde114c92
SHA512

78ebda6a700e2e96cdf4389ae8394748edf878f644ad0ada26aa855d54b138b4f064f72d93281a529d3a23d66078825402e3cc434d0accb5fe3ad5eb4d3f471a
SSDEEP

1536:W7Z2sspApkZrZnZrZHZrZ1iqktYtlXGkR2SfXGkR2StJls:62ssWpQXGkR2SfXGkR2StJls

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\AddResume.xhtml.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	f310f134416bf943b5c0e0ba69bdf999.exe

C:\Users\Admin\AppData\Local\Temp\f310f134416bf943b5c0e0ba69bdf999.exe
"C:\Users\Admin\AppData\Local\Temp\f310f134416bf943b5c0e0ba69bdf999.exe"
1⤵
- Drops file in Program Files directory
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3791175113-1062217823-1177695025-1000\desktop.ini.tmp

Filesize
82KB

MD5
8a2795bece943706e186044f99a548f6

SHA1
49881159d3fac161a6d016c1dca1cce47813f463

SHA256
e25281418567afa4ba1ee11c4bac41c77597a2f0001d0e3006d98d911cbbed72

SHA512
f4c08d77e8bbf79aeeb40b8b83ffaad16869181359bc72a1c54699b8f83f0ddd5a14140fbe1caeca645639bfc908ee84448ce43d71db1a9101bd1ae8ad7651a8

Download Submit
C:\odt\config.xml.tmp

Filesize
83KB

MD5
6e6559053a26bb80dfe12c1651ceab3d

SHA1
874aa962b78f6339eb716bc0f3d177c170d9f0b6

SHA256
090469466ba895e2298ddf07f63cfc69ef38a8636ef92521e22bce4a0f894fe1

SHA512
61aa62a3ee0ad330ea446cfa90a29bd782bd5987b04e51a6d63a9ac98d44857b97fa96dec63d6b5cab7529dd7dab9edb26fb27be9c5567b52460c304588ce800

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads