12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
Size

1.2MB
MD5

1287aa4f100ce204edc26ca46670cf09
SHA1

57e61bef847d3994d2acbd0ce79b9c5cdbe98bfb
SHA256

12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0
SHA512

8f9674a4a27a5a6c078a33bbca9eea62ef5f749e9bf20b06e502b435be4c0440b7eb93a3f4e4d4a801802b8571f97dacd0e7f7a0b43a04ee7d4ea812e4414134
SSDEEP

24576:aIrixtiJpS4H3VvkLRUtvZ6Z0PXpPLIAxtSYtuuvEJp8iCpNtUGIlu:aI0suG3mLgrJIstlxvEJp8iCp7UGIu

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (223) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe

C:\Users\Admin\AppData\Local\Temp\12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe
"C:\Users\Admin\AppData\Local\Temp\12f9fc2960a9ba4a53a8b5ec63b94e350cfbcf7c41b66c55490f893662033cc0.exe"
1⤵
- Drops file in Program Files directory
PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp

Filesize
1.2MB

MD5
7bab92af154e1751620182ca52caeffc

SHA1
14bc03d979e2cacfd884515a0eda2983d813201a

SHA256
e21ce83a4591667148c3b7ceb54d1b8125b1c81655c5469994372b2068992c7b

SHA512
d8b9b2ad3634d2f1a9bc559e1a0dd743cfb03068c59c111de6c64f50789806b04b43ad48488d9ebea296828a28ee0525a7737b7880ce674283a67122a97ca50b

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
1.2MB

MD5
13094cde0092041c6672e891c03d5794

SHA1
fe8fa79c327df359e956cf69199417392c4a5a63

SHA256
8a025c94022bf4687c2d6ac9aea673e7c9ce67a6a2dcc08235f6e234d58aea0d

SHA512
da19fa482f1dbdbde92f97e514f0acf3ad155a2b6bcce494871077665eaf446e4bf8e19505cb9ab2405bc9e3eac971010329fa227c64ac17701c61d79ace83d3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads