d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd

Analysis

max time kernel
32s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
Size

62KB
MD5

0db25b7c98b862b56e513c1a57a03e34
SHA1

cf5d8b15726eb364954131de0363bc96e5783d66
SHA256

d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd
SHA512

abcbe24004d84521b271c25dd2999363b700f767d1dbea518c2045495d3561eb2d5d7d9515badc394b5e9f6ba2ab5ad828eaf409f0bc1495dc37c51bcb367866
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDO:/7ZQpApze+eJfFpsJOfFpsJ5DO

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\be.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\7zFM.exe.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\AddConfirm.nfo.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp	d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe

C:\Users\Admin\AppData\Local\Temp\d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe
"C:\Users\Admin\AppData\Local\Temp\d31f63c049cd94a0a9fff27205764be7205fb3cc455f690600d5ce8431c616dd.exe"
1⤵
- Drops file in Program Files directory
PID:2908

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
62KB

MD5
00a8881e1af58c133aa66803d916e40f

SHA1
4db0273857e81a821b68d0cd908d332bf1936d4c

SHA256
c2e6ad6094ea85b563b2f90bf8d6d26d27c9b4cddec7a5b444cecd1153772747

SHA512
817ee9c924522f64be36d8ffeb34e21a0f4b6971c0c1cd4b476e90b37c5278c12288f589a40f74dca0738e8fe9754fce7d20f1e92700e8a5154b40b631287d2f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
71KB

MD5
d9275ae802af34564b06fb31f823c175

SHA1
a6fc908369ce8d971c2f3c1c867d5f674759726b

SHA256
e0a5d5c09903c5dc00d69305bd33c7211f758a1330ef2d724896e88a3803cac7

SHA512
1469bd6665519433969065e3eab7c5e716ed6d56d1591b3ae3e033ed987698bb42f52ed01c86f20b4375fc8020c6ce3f91415853d8c91d70d45e55b7fd5d026a

Download Submit
memory/2908-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2908-384-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads