dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289

Analysis

max time kernel
7s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
Size

90KB
MD5

9b05769a342ccab3358cd868ddb920d5
SHA1

33bdba45a756d53c935a801432a5c709210fa5b5
SHA256

dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289
SHA512

67736a6c0ad8048f432fe7f22a8cacf1ce47eb7ebf6a3ce908d66a6dbdc70bb26889f9c3fc707c852a0a0f7c9c2309c89659fedad36287b615d6713e878baef3
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3Cs:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7b

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (213) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\BlockUnprotect.dotx.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RCom.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe

C:\Users\Admin\AppData\Local\Temp\dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe
"C:\Users\Admin\AppData\Local\Temp\dc8abd8183866262e67d7e992a166c16deefb98c47ed4d5fe5cd4d5635744289.exe"
1⤵
- Drops file in Program Files directory
PID:748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4268,i,18168883380598738769,14202261231630113808,262144 --variations-seed-version --mojo-platform-channel-handle=1304 /prefetch:8
1⤵
PID:1140

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp
Filesize
90KB

MD5
80e01025fcbdfc7155699a8a9de30ddf

SHA1
835826675a7cba4c6f9651f1e3cc7000ed014338

SHA256
ad4bdab701dd9bd8450eb7e16093e769760ff366906e225f28f47f9b8be2b214

SHA512
e43b0126443cf7683e7fb544ab7bc830ed3df612d695091261cba7c17966d2c7e69ca74c5775cf2379ff3195a3d953bda5a2ad4c4bf46fa7294ee4d1b6639c34

Download Submit
C:\Program Files\7-Zip\7-zip.chm.tmp
Filesize
203KB

MD5
ac3fe6799dfae9e21d32b72541c19b19

SHA1
063fada528c166855b5c4e816e0d24f69df3d2c3

SHA256
a1feae16e9ffbfbd104c1bde2ed2e6fb3ed8ab7ea27952e337e92e52f11a9c42

SHA512
7df84fa99ad423a966b2d6af7bddc47f6cdd8ecdce133ec0a8a1cc98ddbf3545fc157138f9d9846299bc71a7ffc379e89f2eb08a519c480db7f408050d3785b7

Download Submit