e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6

Analysis

max time kernel
47s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
Size

94KB
MD5

c4a25c40782d21c86a24cdc2a31a21de
SHA1

f24242a84b2371b9d9507749a3ad2ada873aea28
SHA256

e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6
SHA512

c934def64ec32ba4b7a46f4170001e1e5c33503e7beb4e73f998b2b4a977357483bae119534c1927de8689c00662ce168cd1f5d4562e4f7831e8cd504ed63151
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/OfxRfxHAu39Au3lCT:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf70

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (220) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe

description	ioc	process
File created	C:\Program Files\7-Zip\Lang\hr.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\7z.exe.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\FrequentOfficeUpdateSchedule.xml.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\7z.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll.tmp	e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe

C:\Users\Admin\AppData\Local\Temp\e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe
"C:\Users\Admin\AppData\Local\Temp\e90287a2048da1d5a4bcc4723399f4c7e25473b967a6d8b3cb336871af337ab6.exe"
1⤵
- Drops file in Program Files directory
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4388 --field-trial-handle=2252,i,16022092570067181109,3235558581947505669,262144 --variations-seed-version /prefetch:8
1⤵
PID:2628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp
Filesize
94KB

MD5
a323f051a4257f7ddca11ca59acd3d43

SHA1
c4d6e4d400d91676eaabccffffb7d396a379049b

SHA256
96e26f37f6a0778cc9030c4dee4fcd8c41d264256df5d4f86b5f7a32b8b8ead1

SHA512
92a89826afebf4dc3cf659ef5c9a23af9e9f9276519149d8c2eeae4aea92a08a3661e57c1ce2adad746a0b7bd2f80134438442b5dfadcc61f133976f66d51a7f

Download Submit
C:\libsmartscreen.dll.tmp
Filesize
94KB

MD5
224e39e8dfce27f6bddd58df41450064

SHA1
5fd6f69dc8604d5054151ffb561a187a4e1ed6ca

SHA256
3bbe80bf296b43e47964fe2bb279220a0d2d352c517281099c30260a0a050715

SHA512
ba755c2c21dd3a7f09870fca0ddc7d736367d830f9b9aba3ae38ef2fecf418e439b9aec1e3c61d03a2ac39627bf848fcbd03fa2a5c2349ed8b49d8838168b0b6

Download Submit