eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381

General

Target

eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
Size

120KB
MD5

2badbadd6bea0f46cdf2ae7f1c00633e
SHA1

39109c009f4a4361f30af5ffca4845513242293b
SHA256

eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381
SHA512

998073bffc1eb92699f889168cf314166a01d07dec63565b95198e38733da36997ec2c866b4cf5447f95275bf39f92d4c6ec314271cf6e308f8faa50a4327a86
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jq:6QWpkzlfFpsJOfFpsJ+n6jW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (531) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nb.pak.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javadoc.exe.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\ja-JP\DVDMaker.exe.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\System\wab32.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe

C:\Users\Admin\AppData\Local\Temp\eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
"C:\Users\Admin\AppData\Local\Temp\eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe"
1⤵
- Drops file in Program Files directory
PID:2140

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\desktop.ini.tmp
Filesize
121KB

MD5
0c8dce15f8ed24a66fbdf5451ff05f99

SHA1
5ba22194cf93fa97abdd75fde73dc19cf1cd3aa8

SHA256
32b7e8681dc335e88cadc1ddcd04d3d055216eadc6ec32a3c531928a46287639

SHA512
8ea48a5942d6bd8cdaad9712e16af201843c1b842b718bd721b8511c3aa313c8528ad271c0273d47633f8e350307a01c8385c582a720bbf969bbd1e3b6dd1201

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
130KB

MD5
82aceffbf9c40e8a19e7eb45ef586db3

SHA1
dcf772b8aaf102b5a24401f85b1e08bcd4a3553c

SHA256
c2bafff0555cd40347c0b01e3f03c8ef85665605ba500c599c22c80461a21241

SHA512
6f87a047a29fac510198de467fbc58abee610579f59d394b51f9ae983064fa3e8d601eb46213d3f874735722cd8fda3bde79908cae9d84d97db313ece7f8c28a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads