036d0fe56ae8b871856d71db44990f0f41d51bfe7f6b1cbd62d4d1feba3375f2

Analysis

max time kernel
24s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b6e23ace3019e99188cb3c9eb373f9d.exe
Size

44KB
MD5

6b6e23ace3019e99188cb3c9eb373f9d
SHA1

9e1657db09be3bd9f7f2171a292e7c43e2abc9ab
SHA256

036d0fe56ae8b871856d71db44990f0f41d51bfe7f6b1cbd62d4d1feba3375f2
SHA512

62c47dd46035060ce1248870f739fe28b2cf4c7433accc349300e769c027d2957cbe898311a323bfe0c459bef75c1f2ef2c8a8d0e149ace033c2386b858e9955
SSDEEP

384:GBt7Br5xjLPAgA71FbhvUVuRuz4Qsp2pWoHF8FrF8FBvAK6j6H:W7BlprpARFbh6o44rgxaJaVA4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe

C:\Users\Admin\AppData\Local\Temp\6b6e23ace3019e99188cb3c9eb373f9d.exe
"C:\Users\Admin\AppData\Local\Temp\6b6e23ace3019e99188cb3c9eb373f9d.exe"
1⤵
- Drops file in Program Files directory
PID:2928

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini.tmp

Filesize
20KB

MD5
44fd043ed658696d9a06bc8a57e57346

SHA1
bff484b3ad625534bc8819063ff95aecab50e910

SHA256
6a9fc2f72c30ed73b055f10d7b3a72ae9105d7c2c0499d063923565c4e5946de

SHA512
143a6d24752c827a5d0f169e8561c5e05c5f753643822dece218d92f5bf16627368f76790e817361215c6458fc83a48e5ec8e70d60f521f38ea3a85fcee0573c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
7KB

MD5
23da4d2091dacf5e858a5a7c87f1a983

SHA1
8aca42aa1202b040d703f71727a54c1c33846bed

SHA256
c08ac7579d46aa05c6a879c6aa86c536ccae8fe77801090e6cb5d29fe627f956

SHA512
de86c5bd42a6c447b9646a62d8d68c23d2d356cc3c12e55f6cf41f53957c0bafbe097408544e9c52d95bcd4084883c159f033504df89a47d373e9fdc32d28aa2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads