e1b7d275e2631f5e5f42a02633651702341a22b3806761976ff897a0e32b7138

Analysis

max time kernel
55s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
06/07/2024, 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

384a23c37d432895007e89d003943220.exe
Size

89KB
MD5

384a23c37d432895007e89d003943220
SHA1

516b02bfba7eccb38e28d723ecc129efbb17973f
SHA256

e1b7d275e2631f5e5f42a02633651702341a22b3806761976ff897a0e32b7138
SHA512

88cd9770b1959fecb9a34eef484c195f4bfe723c7329c50c11e350734f3e9effc0fa9faa6c683ea93c0829d573b98767e9c805f7560573cbf7e922bfa7d0f383
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShLDw1wxh6hV:6DWp6Dw1wxh6hV

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	384a23c37d432895007e89d003943220.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui.tmp	384a23c37d432895007e89d003943220.exe

C:\Users\Admin\AppData\Local\Temp\384a23c37d432895007e89d003943220.exe
"C:\Users\Admin\AppData\Local\Temp\384a23c37d432895007e89d003943220.exe"
1⤵
- Drops file in Program Files directory
PID:900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
89KB

MD5
a9702a312059959c9768cc5d93a52841

SHA1
9809b4ff86e6a1f2f2ad2e1d8a29e5568540dfb1

SHA256
47bc26ac98926938a5c05bc5091bd7ebb1dea4ae6f37cf1e3f687c2b3a2a7b15

SHA512
43cf1f8a058f012abdce5dc4fcf2deeb82829652e238ca4b4af49fc0a1a5c5527dc3c63ec37bb621f43e7184955942e6483f0ea6c63dbda49c4388432c4a1b01

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
98KB

MD5
fb7b4e73a17beadd10fbe70e3cc6a6a2

SHA1
18d28e94016a3f67fca5ee6c22f8b6746abbe342

SHA256
0add57dd9de91d294f9d8d0803fc6bf2572535ea12ebdf522feb6dc837e67a77

SHA512
0d17c08b50603051191bb41d6a289f1162c98ff7359382a33a056d48a650efcc212b9a32a092242429484bfb01746296a38b968e3f59b9852ad3d0e62cb9315a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads