982bb96c6eaab7ab7316b444075f9901b6b482daa0f90e90b916c91b4b25ad23

Analysis

max time kernel
57s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
23/07/2024, 00:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

352cde7007ed4a5eca27b23d0d1a1aa0N.exe
Size

85KB
MD5

352cde7007ed4a5eca27b23d0d1a1aa0
SHA1

504964e86ab8174a88b88d1e1467da6062a705d6
SHA256

982bb96c6eaab7ab7316b444075f9901b6b482daa0f90e90b916c91b4b25ad23
SHA512

a79bcf51f68934553f050eb07468734cb6d445059a9bef78178e8be48d68adea22a06339174444419a5ca04a41595b4ab27b97e5abca0a44300d7beede7b7aa5
SSDEEP

1536:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxT4J:6DWpLf7fw

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (191) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	352cde7007ed4a5eca27b23d0d1a1aa0N.exe

C:\Users\Admin\AppData\Local\Temp\352cde7007ed4a5eca27b23d0d1a1aa0N.exe
"C:\Users\Admin\AppData\Local\Temp\352cde7007ed4a5eca27b23d0d1a1aa0N.exe"
1⤵
- Drops file in Program Files directory
PID:1924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

Filesize
86KB

MD5
b7468f558fd456bd922905584607cff4

SHA1
b85510cf3a85865564db61fc04bd3ee53ce0deff

SHA256
18439beb23f2e329631aba7d05386295f6db73e5bb0d73c9dd562fd68543fa96

SHA512
8023d9320b095bce757e0ff5b3ab728db35ca9534b5188d9d46ec5b09b3ddcfdd4d8fe55e39f8abe1f50641dd099c9706f9cd64abb2f1018acdd66f5ca2f2a41

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
95KB

MD5
76ac14e5397da01b681a72af9fcc8ab1

SHA1
93710a67c356e07e92bc8ad06642cdd2aba4702c

SHA256
3d1aa55072a899e0ff937c1b657375d8817456585e12eb189089c9fd366e60f0

SHA512
e10c479256f7e998e0e31a54da066c205184757636b8fa5442278ae472417415d3d47b072073beda2bad20bd929dbeb883ec1bab271ba6f101925c3606ba386c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads