eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6

Analysis

max time kernel
150s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 06:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
Size

114KB
MD5

460b7baa95c38c4d9734853ef68ccd91
SHA1

e087235ab95c3f93176259ca37abf91510a5e862
SHA256

eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6
SHA512

8a725fe3a5abc96fd4381e27c2871e3438bb9f76c56a6e0ba9b78f8cbc21c808fae08fdb20d30fa2209455bf3ca1b8260ccbfd502c7d46ac38682b43f6be9cd9
SSDEEP

3072:6e7WpHIyRF9ESWu0SWuDmhSauvEKxVTLJtxoVz8FUDrYYaCusjdEKxVTLJtxoVzg:RqlIyFESWu0SWuGSM

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4893) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.DataContractSerialization.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMT.TTF.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ospintl.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ExcelInterProviderRanker.bin.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\msquic.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Channels.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Grace-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\otkloadr_x64.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-oob.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\uk\msipc.dll.mui.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL116.XML.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-core-processthreads-l1-1-1.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\ShapeCollector.exe.mui.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Resources.Extensions.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.Linq.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_KMS_Client-ul-oob.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_Retail-ul-phn.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Globalization.Calendars.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\localedata.jar.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHPHN.DAT.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.ReportingServices.RsClient.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\System.Windows.Forms.Design.resources.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-pl.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.DataExtensions.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.AppContext.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Input.Manipulations.resources.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\WindowsBase.resources.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ru\msipc.dll.mui.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.SecureString.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest2-ppd.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-oob.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.ProviderShared.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.DataAnnotations.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Core.dll.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest1-pl.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\FPA_f2\FA000000002.tmp	eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe

C:\Users\Admin\AppData\Local\Temp\eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe
"C:\Users\Admin\AppData\Local\Temp\eeda89203065b5f8c560f8fde579862efce61d94647b82480000c0011759b8b6.exe"
1⤵
- Drops file in Program Files directory
PID:1512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini.tmp

Filesize
115KB

MD5
064f2093908509bf7d0c7ff1c1e98fae

SHA1
af5c2f868b2516e054f65511cc2b5a1620de05f5

SHA256
e4e94f369aa7ef0b103f66785cc2ff5209f1e0a2064a076c5e030fe7b79efcd8

SHA512
358cdcd4ee5da707b99041511bdbd5cb5785010310108c4cc813bcf6b7f871c896cc5637949f8d494fbc3b068af554c3e1ecb8598ad32d6a5c9be5580697c3c6

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
214KB

MD5
81c5d4b4341b672d81dd1bb9aebfcd27

SHA1
7a25c8c3bcc2aed60176dafd7c847432b2c87cc6

SHA256
2a8075a17f5696b15f7ab000aed45008f593a6c476572fb4479b37f34fe89ca3

SHA512
ec2c7497a126df5ed3c95a355b30761bdda44a1d8ca19a4db07364e506cb480653c8e58deb78bb425fa98a1b867abece35935b7de6199f1af5765fcae0f9e680

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads