036d0fe56ae8b871856d71db44990f0f41d51bfe7f6b1cbd62d4d1feba3375f2

Analysis

max time kernel
168s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b6e23ace3019e99188cb3c9eb373f9d.exe
Size

44KB
MD5

6b6e23ace3019e99188cb3c9eb373f9d
SHA1

9e1657db09be3bd9f7f2171a292e7c43e2abc9ab
SHA256

036d0fe56ae8b871856d71db44990f0f41d51bfe7f6b1cbd62d4d1feba3375f2
SHA512

62c47dd46035060ce1248870f739fe28b2cf4c7433accc349300e769c027d2957cbe898311a323bfe0c459bef75c1f2ef2c8a8d0e149ace033c2386b858e9955
SSDEEP

384:GBt7Br5xjLPAgA71FbhvUVuRuz4Qsp2pWoHF8FrF8FBvAK6j6H:W7BlprpARFbh6o44rgxaJaVA4

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (205) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	6b6e23ace3019e99188cb3c9eb373f9d.exe

C:\Users\Admin\AppData\Local\Temp\6b6e23ace3019e99188cb3c9eb373f9d.exe
"C:\Users\Admin\AppData\Local\Temp\6b6e23ace3019e99188cb3c9eb373f9d.exe"
1⤵
- Drops file in Program Files directory
PID:1392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini.tmp

Filesize
44KB

MD5
97e1113b43b3acbd96caca6647e60b5c

SHA1
ec72eee36c81e62dd687ac15714c5941adb0ca9b

SHA256
f673b668c118a83fa2622f7979370e4bc4ba72f2be3896911ef7253b87b6fcc2

SHA512
fca32947ceade7672b5de644552ff77f322d6711172ed310ba04416e9e5f9eadd185f91a618e9f91dcb459624b267f36c0241bdb5d551a6f66a1bb3f261a4f44

Download Submit
C:\odt\config.xml.tmp

Filesize
45KB

MD5
28c9aa611fd588505450cc2f91c9d309

SHA1
ea8ad7bfad64de429f6a240402c0275b9d39e8ff

SHA256
453d73ff0f485da10150df5143acf96af895febc517c6b2aedd4b39b550a795a

SHA512
c3166cb6b6253b161450efafcb4f5a2b0c1d9498c1e315fdddcce429b6bfb82511b89a598382e69cd34db2f080e7699f298e37a828aa0a395ac54309b4bb28e9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads