4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7

Analysis

max time kernel
160s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 21:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
Size

57KB
MD5

b0d3914b86c0eb3a0430aa8b929821a0
SHA1

ce5b0d6fec84fd562fd8a87fb8ab9a3adcf53ad9
SHA256

4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7
SHA512

0bc9d2e101180880e2d9a0ecc63e82ed45e208a81f7040778a919327f827a1a020eff8eb9f10f50b0527deb777b5db5a565ccd85c1fc686ebaa05069ef6348ba
SSDEEP

384:GBt7Br5xjL9AgA71FbhvuNBNsjLKoWFKryoWFKrRYKYUosMosnn/oA/oj0pCpY9y:W7BlpppARFbhWJq5nosMosToX

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (222) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7z.exe.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mraut.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.tmp	4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe

C:\Users\Admin\AppData\Local\Temp\4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe
"C:\Users\Admin\AppData\Local\Temp\4f15d2bd04c1c1ecb66cc5eb8b0746c01dc54841426e006fee23210495a52ec7.exe"
1⤵
- Drops file in Program Files directory
PID:3264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
58KB

MD5
70fd04013fd7699724b47689b9787727

SHA1
2ec8316de6c3e924983e771c915e68c19aea381e

SHA256
aa81c5f77f9339f7640f03e5780adb4b5feea41a717b91e04e39a18123c8d79f

SHA512
8b72fa080522291664c62f777387283cbe764278be7b639258978ae68ed87f11acc3d45df1b99f72e24a220d537edb2278bac376bcd59bf2c7757e86f0f2f182

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
57KB

MD5
11778ec21326d3a6d6995d1beaf1a518

SHA1
e36c686af25e38d50eacf84dbcae7728ab8a258f

SHA256
8d532463c0b7eaeeba25215cd62f79bd7d2cd74ba0118b6beea69406a781d0b9

SHA512
1b27ae31ab7613b4dbcd3f06763c970dbe45aa3e9af1e417b9e322f1959036147ff083bdff9a344a4987bc8e598c32f0f1e52342f55795b293b37619a5d97f4d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads