5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936

Analysis

max time kernel
146s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 20:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
Size

98KB
MD5

ce12c0c9de752f8ba83928d5cc39f34c
SHA1

9ba87bb22743b11ff983d9bd7f668eb20ff0baa3
SHA256

5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936
SHA512

4fea1e5cc6ec32591adbca7b0c6c5dc66ac49530ba7934222f15c935f791d08a5e9c538be706cac3cadb9e4c9d9e14e28492ed3b26128083ccaa477a496ce6ca
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lO:W7ZQpApjIWe+eoO6O2lO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (143) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 60 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe

C:\Users\Admin\AppData\Local\Temp\5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe
"C:\Users\Admin\AppData\Local\Temp\5594ba7b01af508ad80023365788a34b954749d176a927bf54870bf7c3058936.exe"
1⤵
- Drops file in Program Files directory
PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-778096762-2241304387-192235952-1000\desktop.ini.tmp

Filesize
99KB

MD5
c709357af07bec3faa0dab354b2a92af

SHA1
4fb016742774851171000b1cc6ded74c3bd49394

SHA256
1bd49da6cc29f77e86f6e177543d7f35995ceb200578542ae6e87541a9dd4af6

SHA512
8d8a989bc0bd671a941beb26abbbb9ed534e4c4a3f053db0e8700ff72d245daa32eaad4fc86409f9dd9e51143ab366d2b3bef9771c75840f3af6daa3d4d15dd8

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
108KB

MD5
f34d8489703bca0144a6190d2d0bb334

SHA1
c87243b99f468ab03a77fd41467c0e66497ce437

SHA256
bde9ced0167e372376edbb8c8fc9f039551fa9018983edecd65cd28844a02dcc

SHA512
e88c6a8e3ba2a8239000cd72e31d395329d3d490fbbd8853aa46b4086756d37567086ff8f78e5d84e425a508b79d3b33eb93326a9e1fa2f7a0a80e4a04773105

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads