eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7

Analysis

max time kernel
150s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 04:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
Size

71KB
MD5

5ac4eb0ff0fccd52299c5a335c3bf6de
SHA1

ad39a28897ccf4fdcf244681bd1f20f8c357ae3d
SHA256

eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7
SHA512

b039d9e384ce55016c6ef5dfbb827ab4566da9f736e1b53f27abfed5f1e816e929212897c5734c38137e0226da0283202295ad80f8247ca8193f7e31e60d1412
SSDEEP

1536:W7ZhA7pApH1d9oVLQthbqbY9oVLQthbq51Rn6wt7t4W:6e7WpP9oVLQthbYY9oVLQthbUrt7t4W

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5125) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.ILGeneration.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\PresentationUI.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\Microsoft.VisualBasic.Forms.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-ppd.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000049\index.win32.bundle.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscht.xml.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\Microsoft.VisualBasic.Forms.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ul-phn.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Office.Interop.Excel.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-handle-l1-1-0.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\flavormap.properties.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-ul-phn.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoasb.exe.manifest.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.deps.json.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\IEEE2006OfficeOnline.xsl.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL110.XML.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\GettingStarted16\SLINTL.DLL.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MEDIA\CLICK.WAV.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jre-1.8\bin\prism_common.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-pl.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework.Aero.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebClient.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MINSBROAMINGPROXY.DLL.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\coreclr.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\System.Windows.Forms.Design.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-math-l1-1-0.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CHART.DLL.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Principal.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\PresentationFramework.resources.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\libpng.md.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsym.ttf.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE_COL.HXT.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Interceptor.tlb.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXL.TTF.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.Csp.dll.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp	eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe

C:\Users\Admin\AppData\Local\Temp\eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe
"C:\Users\Admin\AppData\Local\Temp\eb5b532849401a660812908cfa3db444ceab227ce99295a872aebc63ddb396c7.exe"
1⤵
- Drops file in Program Files directory
PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3411335054-1982420046-2118495756-1000\desktop.ini.tmp

Filesize
72KB

MD5
da485a7722141a93f89d8d86703c24cb

SHA1
f467247ea686787c8ebe8744c7f266771c7fb6d5

SHA256
e9b47a99bb4d6133b5895f06a927457f34f779a96d7f02d8e0903110383db1f5

SHA512
61f1a7e6de91ff7498fe135f381b1869cbbd99a6f66e4fc671c03dd359b6514476912028352e5609e5fccc542a8e6e57bb2bf002ecd7d5b2eb79facfc1f53142

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
170KB

MD5
c1487ac276cc89efce39b93c4f096c06

SHA1
914e0888e31fbfd988a6cff0c56cc57a67224afa

SHA256
9e9ef88ab24854e6d1089b3700bcdaa9f63df1d297209e8ba035063bdface6ea

SHA512
4f3a7e0d56ceb6608b2209455650c7684de31131852f5cc7ac2770ea45b37a513f880a8faa09d0ddb939de087cf221b776a194521dbf113ed4fdd196d43a6f85

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads