eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381

General

Target

eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
Size

120KB
MD5

2badbadd6bea0f46cdf2ae7f1c00633e
SHA1

39109c009f4a4361f30af5ffca4845513242293b
SHA256

eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381
SHA512

998073bffc1eb92699f889168cf314166a01d07dec63565b95198e38733da36997ec2c866b4cf5447f95275bf39f92d4c6ec314271cf6e308f8faa50a4327a86
SSDEEP

1536:W7ZQpApjIZNdNnfFpsJOfFpsJ+n1k1jWk1jq:6QWpkzlfFpsJOfFpsJ+n6jW

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4907) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-80.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Json.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-pl.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProVL_MAK-ul-phn.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSZIP.DIC.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Linq.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-ul-phn.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140_1.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-phn.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_OEM_Perp-ppd.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.TextWriterTraceListener.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.Watcher.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\WindowsBase.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationTypes.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOSTYLE.DLL.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsplk.xml.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\WIND.WAV.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 6.0.27 (x64).swidtag.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsBase.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_1.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.FileSystem.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Design.resources.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\TellMeOneNote.nrr.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.DataIntegration.FuzzyMatching.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial5-pl.xrm-ms.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmti.h.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-80.png.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL022.XML.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.tmp	eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe

C:\Users\Admin\AppData\Local\Temp\eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe
"C:\Users\Admin\AppData\Local\Temp\eb22824ca74d56ce2066ceaeef2965d4085de6636321b4c2bde24e413eddc381.exe"
1⤵
- Drops file in Program Files directory
PID:3040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\desktop.ini.tmp
Filesize
121KB

MD5
6ad6167ca27d49e2f299b4998f00d6b7

SHA1
0e7b84a4ae8bb475e843d58e44a31445259e1936

SHA256
0af5b14ad6485057c8cc3b23a001a7c376ab832b996e43fce0859ceb6ac4e526

SHA512
3a4bad256c74ca716111c42be711fc31e233a38d1280ca1a099c842eeaaa62b121ff23a503c87a94d655ea9bba10cd757d32a112ffeec1622fb6e53be14a3065

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
220KB

MD5
2e4859462844704a1581d15808c3ebfe

SHA1
3c68031b31fdc111fa760b070058b72dde5be4a4

SHA256
9d5929b532dce6be1e022a0c7b6e8a3bb44c962de00ff055f9223dfc59d5920f

SHA512
811cac61ba9dfcc3048c905a5e8372f6943e6276bcfe8f0dd863ab0ff19b84cfad4a3a125d8806cd2174c91940a3f770cc438f538f4fdfb36cb9299a25c7bcbe

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads