804c00a778d3b1f334624ff2a962b38ce191a8acd15c75383a5439b9a60ef7af

Analysis

max time kernel
157s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 21:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28e3d78c0a7ff70622ae8b849dc2ca7a.exe
Size

47KB
MD5

28e3d78c0a7ff70622ae8b849dc2ca7a
SHA1

c630228ae9cbfff726be78182951485f5a85f8ab
SHA256

804c00a778d3b1f334624ff2a962b38ce191a8acd15c75383a5439b9a60ef7af
SHA512

0bde2c158dbf35f17eefbd5a96e9301fb856361bc422d27eb76120b14400c38b61c27b1c9bb32334d986cd300a107182870c16b066aeda9cdb68b849926c6d97
SSDEEP

768:W7BlpDpARFbhYQkQjjLaManvFNFO/Ms5Ms2FZ:W7ZDpApYbWjCDOC

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (236) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	28e3d78c0a7ff70622ae8b849dc2ca7a.exe

C:\Users\Admin\AppData\Local\Temp\28e3d78c0a7ff70622ae8b849dc2ca7a.exe
"C:\Users\Admin\AppData\Local\Temp\28e3d78c0a7ff70622ae8b849dc2ca7a.exe"
1⤵
- Drops file in Program Files directory
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2656,i,16940681401824032220,151921362336696246,262144 --variations-seed-version /prefetch:8
1⤵
PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
47KB

MD5
4080a11e52f749702f5e0f77d080c23f

SHA1
6e6e2fcb399916a3ba723181936de7f8f8afea4f

SHA256
cc14bbc90b6caaa6dd025b7f9bedc077aaa85643667655ec20227b880304218d

SHA512
fdf433e86cf5dc21c4ab4f0fd95e2b4a933733fa70ad4ebc8a5af86b31bcd92555bcda2c1643a049b50a087300d99f48a3d53807e8734b6a4f2da231c7903327

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
47KB

MD5
56e1dc2f162d94b32f2123d551054e22

SHA1
47bd40a1cedf210b3d8d30d469b9a8a57a54c8b5

SHA256
cbf1913074b85923709e975532693244526f42e6a3f8b8df6454aff7dbc8611d

SHA512
18b027d8000bb8effd26c4f453beee4a263f24db07009dbf594b7e76f50607875624907c4022e51b0efe1da92acaed7db1910569a24f576318e7c69ef01a334b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads