4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951

Analysis

max time kernel
153s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 21:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
Size

105KB
MD5

0fef2cbc97c5286b0c05ab370ff16539
SHA1

105173406ad1aa07f5a7e13df67142e27ba1cb3b
SHA256

4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951
SHA512

45dc0b2b9f33740643b5fc21c131ec37492e63b983a85a5bdd85ba88fd0e0a15b2da37f6d4b0cd37d40c8dd765091fa70c93920c831e343f5546daad5aee1ed5
SSDEEP

768:W7BlpQpARFbh2UM/zX1vqX1vLFB5W5pYJIJDYJIJOO6O2lpHiJOP25LqrH5HiJOu:W7ZQpApjIWe+eoO6O2lpiMZiMo

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (729) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationClientSideProviders.resources.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Primitives.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tpcps.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.DiaSymReader.Native.amd64.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-environment-l1-1-0.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\dbgshim.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Http.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Tools.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.CodePages.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l2-1-0.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Globalization.Extensions.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.Win32.Registry.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationTypes.resources.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-stdio-l1-1-0.dll.tmp	4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe

C:\Users\Admin\AppData\Local\Temp\4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe
"C:\Users\Admin\AppData\Local\Temp\4c0a724540ec8466d69169621671afa1877f08ae9c7bb0351ecdfff21ca03951.exe"
1⤵
- Drops file in Program Files directory
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
106KB

MD5
00fd87d29ca242d2fe5998264adc3460

SHA1
dfb156d491fc77a8c09e059d75f203c20f7e534d

SHA256
8672b5d03aa9ffda8f1eaf8a59ac82c42166566356a21a8705db0e947614acf0

SHA512
985db8dcfc16f1277bb4cf4aea9064367e865e256c87a54b2080a0143927bfa740af736744af2b1bf5e037c2426e9868ef25d578a05cc0885341e461ff2b9ff9

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
106KB

MD5
7f8f173cc1dc5fd51d8a338abcdaeecc

SHA1
7281060995919cc7cf3db6b00239a0292b9f854e

SHA256
de5f2b5490f8df4691a5ae897bca60686c7704ddc54666fcd6a198557b04525b

SHA512
3889db08c96b14b1e2bc47cbe0eac2585a6e74fdabffe758fd430dd5e3c5b4aa28c180aae369deb4d055badee9d05834b9101d4a3477e56dde4a5ca04b577497

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads