a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b

Analysis

max time kernel
157s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
24/04/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
Size

201KB
MD5

85bca447aa3669406f008da8598df802
SHA1

40062f18ffc7f6e484f72cb97312292070a913f2
SHA256

a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b
SHA512

cc4740ebf306a697055725d862ad547d1c0cfc1b8f8d80b477c5393dd45dad3e518180e05cea76f36c9bf9edc557755bcc5a782e5016e0e66f39febc42319633
SSDEEP

6144:RqlIyFESWu0SWu2shFAC2jnkbOupvuv+qM/qMk:tyosbpankbfcvb

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (449) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.DriveInfo.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-stdio-l1-1-0.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipresx.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-console-l1-2-0.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\hostpolicy.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.StackTrace.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-util-l1-1-0.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Sockets.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-datetime-l1-1-0.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe

C:\Users\Admin\AppData\Local\Temp\a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe
"C:\Users\Admin\AppData\Local\Temp\a3c5784d82facf8f65b7591a243431af7f31ec74376ba11a587d2a16e622378b.exe"
1⤵
- Drops file in Program Files directory
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3912 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
1⤵
PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
202KB

MD5
df1fda4c1a268f7261c9250b499f27ed

SHA1
9fd99e2f7796cfeaf2be6d4a06704fbc683625bc

SHA256
7a1c2d5c098e6fa1993ba8bfefc4811ec2731ae71d8ec2bb2d22cea7f1dbd8b5

SHA512
82ce2bd7da6dc047f317032043fbd3699f9eecfc2add74aa71370f7f78617fcef947658d992299466db120667fab2edd0ac44c0b64cdc8bc0c986879ce7678d6

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
201KB

MD5
732bbf1b0e203e8db2d73693970ba8b3

SHA1
15b92ea511603a5e84677b622ba2bbe7fa0c30a2

SHA256
19be7491324ff1ef837837d331b9ccb10dab4fd16aee7b8c27428a3a56f0562a

SHA512
9166897d81f46fc3c6b37e9974f86464fd5f95f47e6496f6aae0072c90f2d07fa8435888552aba9de5e5f6951857a3de50d64f6f2e24bad3a158c7a08cda3c19

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads