399f52d3b8db5afd271d2c73bb37c64eebbd90376c27014383116bed080bab65

Analysis

max time kernel
161s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c2cca24b54ad4d6c9ded4ed8a113785.exe
Size

41KB
MD5

2c2cca24b54ad4d6c9ded4ed8a113785
SHA1

af558a084b4a9effbf8278d1760c8b0ac8c0d86b
SHA256

399f52d3b8db5afd271d2c73bb37c64eebbd90376c27014383116bed080bab65
SHA512

7a623387abfce3347e25973c1924bfabeb5d2f5e4285feb545ba9b690ca7c9fef709630e868022f4a29b7d23d6fe892ae7a8cdcc1113b385838c0d07239ce95c
SSDEEP

384:GBt7Br5xjLfAgA71FbhvP+7QEfQEijLaMaB6K1A1Ve2Md6Ze2Md6D/Ws4y4r:W7BlpDpARFbhYQkQjjLaMaqMs1MsD/WR

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (299) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\CopyConnect.mp2v.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\DebugRead.TS.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	2c2cca24b54ad4d6c9ded4ed8a113785.exe

C:\Users\Admin\AppData\Local\Temp\2c2cca24b54ad4d6c9ded4ed8a113785.exe
"C:\Users\Admin\AppData\Local\Temp\2c2cca24b54ad4d6c9ded4ed8a113785.exe"
1⤵
- Drops file in Program Files directory
PID:1824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini.tmp

Filesize
41KB

MD5
527b8103cca86e462a356ca4509e88df

SHA1
24a4f8d72df4bec9432808a0904e17c1cdf97bd7

SHA256
e9962d11113945a6a845b4d1d7c11cf03df7629659f0707d4d9ada67d1bb7de1

SHA512
94f25d3cf15da987040b15b082c487c5a8f4bf12edd60b38cbd8794235636ede57cbf68ffd300c93347d780f859cd90ddd863cb17ea3a9550399e522cd651137

Download Submit
C:\odt\config.xml.tmp

Filesize
42KB

MD5
f77a482a8d56c6891a12c21f75e9e992

SHA1
9e17eb519f6e7c6266f9b32e7861dd2c24d1d09b

SHA256
cf6048db5254da5256d1ce1a67e92fc84f5124b6017b31e88364dc8769f91f62

SHA512
a3514e7bced369261e929e283eebaf7ed886d34e75ed84b92ca7b86eefd3fc7fee2fb10ed6367d5cccd7adeab18f0dddd387df54696ad2f6a633621cb5ed00f6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads