ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50

Analysis

max time kernel
150s
max time network
93s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 05:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
Size

130KB
MD5

2323eeb43dfc97ade0638ef5cf355a41
SHA1

0de8d020214a5e1289507324c3df6e2eefc99d6f
SHA256

ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50
SHA512

5a0a29a066fac3ce6301fb5113c4ca9224223ad3a4313a1fa67969f1f5517a19170b4de5b1ee5efb48d31797641ef8729897f24e4b45fa471b1384f4e27da4c2
SSDEEP

768:/7BlpQpARFbh2UM/zX1vqX1v+1WbW1rjrA9ZONZOD5ZTXBvjfMfvjfMMfQsblBO8:/7ZQpApUsKiXBvzwvzXJvlwJvl6

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4721) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\WindowsFormsIntegration.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2pkcs11.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre-1.8\bin\j2gss.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_ko.properties.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial-ul-oob.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationProvider.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\System.Xaml.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ul-oob.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office15\pidgenx.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-180.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationClientSideProviders.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Security.Cryptography.Pkcs.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Xaml.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.Formatters.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\basicstylish.dotx.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-180.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoia.exe.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\UIAutomationClientSideProviders.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\System.Xaml.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Extensions.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jsse.jar.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_F_COL.HXK.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-100.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\wpfgfx_cor3.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\joni.md.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial2-pl.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excel.exe.manifest.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\fr\UIAutomationClientSideProviders.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Blue.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.StackTrace.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\optimization_guide_internal.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\UIAutomationProvider.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre-1.8\bin\WindowsAccessBridge-64.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\cryptix.md.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jre-1.8\bin\rmid.exe.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Banded Edge.eftx.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-white_scale-140.png.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-fibers-l1-1-0.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Xaml.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\ReachFramework.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClientSideProviders.resources.dll.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties.tmp	ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe

C:\Users\Admin\AppData\Local\Temp\ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe
"C:\Users\Admin\AppData\Local\Temp\ebe59b5e95fd0da30cd5218158b0d934a1e0d810613ed8bf36d38faad81eff50.exe"
1⤵
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

Filesize
131KB

MD5
20cc4508089a186a6c659cb07ce0cfa4

SHA1
98f561f57fa2f2b98b6bc66faee7278723cf67dd

SHA256
fee4c906d5eeb069bfecb865f3ed1f4405990840a62818a8aedc6bd143f45187

SHA512
59bfad47ccf1fde5ab5d4ab1c7051ae39f623f7fbb4294bd82e5b8c7396dcab18aa1913e46b69035d424931ce935c643931194dd41fd436dfbf5fed63a0b918d

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
229KB

MD5
9bab744834b2e8175d98f0c769edbc82

SHA1
3579e6da740889054743801ab467d1cbb784f9ab

SHA256
afcaf5201193f1d428289fbcbe00540998220deb23a13e7c2ffefe5321232ec3

SHA512
6586f793fba26765ce4739e019fbbdae1685913fa340c7dec42f6bd2fe9645582ba1c10e1693b54c99bb21bb2df86b05fc2bcb563c90155ea45c7b54a13c3a3e

Download Submit
memory/2904-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2904-1606-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads