da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4

Analysis

max time kernel
26s
max time network
127s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
Size

99KB
MD5

ac66aaa5f96226de63c7d75f8f00c3ce
SHA1

2e02ec57f5f0ccab873daea6ce9390e47f1a46ad
SHA256

da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4
SHA512

2ee2c0b0ded9a1479d8ff66d260ed7fb0a22ddaa5383d9c11449f50de904d38c00d48f982540fb410c613e37fdcb472e87be25a30a05a91146dd39f84733545b
SSDEEP

3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyB+:PqFF2Ie+eF1S/tUS/t4JL

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe

description	ioc	process
File created	C:\Program Files\7-Zip\7-zip.chm.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\descript.ion.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\readme.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\ClearProtect.docx.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\License.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe

C:\Users\Admin\AppData\Local\Temp\da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe
"C:\Users\Admin\AppData\Local\Temp\da63f32b0c7cc19c7076c6f3c353b11ac7846138b52a92fe512ad564a4ad63f4.exe"
1⤵
- Drops file in Program Files directory
PID:1216

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp
Filesize
100KB

MD5
1257abf1ab3ca4256c734eb19f3f69c3

SHA1
c333c848b980f41aece5b13f3c25b28cd18911fb

SHA256
d67115a9c493252c9df646464c6d77062f45e1e313999fc742d9ac3fc310eaf0

SHA512
fd3c8ee2d5fb355f3b9fc690ebf640bc91dcf12ac7de9e6f36469a01761ab6f38d7e84f681068eb36fb5c97e44ecef5ee120d55ad4a146e05d4cbbf29491355f

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
109KB

MD5
3d9145d9848bdc4f69720cb91f01da2c

SHA1
c7826eacb7b3d959505518d2a5f9a10a9722ee71

SHA256
fe0a60517f6eebb7ab506edd0c558a16d2e8c3a4a29487e7a482f5372a4ad886

SHA512
c6f0862c9b109ff8f3457912c9460c19e58a8f55a4b590b11e00c2a538c77ab994758b4d1835f3b27993c8496f79a4ad421f767d69ac6516d44045b05dbec407

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads