e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
Size

40KB
MD5

f7af82aa055e4c176a0e4fd07e401269
SHA1

eb19b8d20f71be68839b63573a43076ff4712fbc
SHA256

e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48
SHA512

361f96272768996d9a63459c9290184b78b3d89529191efc9aa7bb1ede95d3683a6b998dfb49dc99fd2f90032a691092e9100fd997190b119b12e8c10e6a86d2
SSDEEP

192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vh7m/FJHo7m/FJH8wh6B6J:yBs7Br5xjL8AgA71FbhvhwB

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5123) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Input.Manipulations.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll.manifest.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-runtime-l1-1-0.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ComponentModel.Primitives.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.Csp.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\misc.exe.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\TipTsf.dll.mui.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Resources.Extensions.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-pl.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OneNote\SendToOneNote-PipelineConfig.xml.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Windows.Extensions.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Thread.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail2-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\EssentialResume.dotx.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.Registry.AccessControl.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Controls.Ribbon.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\SETLANG_COL.HXT.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.scale-140.png.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\msgr8en.dub.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Primitives.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Xaml.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Java\jdk-1.8\README.html.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ThirdPartyNotices.txt.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\7-Zip\History.txt.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\UIAutomationClientSideProviders.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\PresentationCore.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019XC2RVL_KMS_ClientC2R-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL065.XML.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\System.Xaml.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\ReachFramework.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\PresentationCore.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ppd.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_KMS_Client-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_F_COL.HXK.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-namedpipe-l1-1-0.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\WindowsFormsIntegration.resources.dll.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Retail-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_KMS_Client_AE-ul.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ul-oob.xrm-ms.tmp	e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe

C:\Users\Admin\AppData\Local\Temp\e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe
"C:\Users\Admin\AppData\Local\Temp\e86bae3d6a30b815792712ec84e4a1c2ebed744fe48c8eee092f74683046be48.exe"
1⤵
- Drops file in Program Files directory
PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3571316656-3665257725-2415531812-1000\desktop.ini.tmp

Filesize
40KB

MD5
b5db51a30034beebfce5cec187033e7c

SHA1
d209f69888bdf6500fe275f2dd4c49bc5ab1a2e8

SHA256
28ecfb351d17876ed4909fa8231e939a7fc43f8f3224ee64e803048ece5ca020

SHA512
8d16c6fb998db5b2c7342bb372e52fcb54e2ba6f57a150d2e2e5b03c6de60ac136b7b42dce9c2d2a80ef608333a81f21b654a01b7edb84ba0e7941ce586f2265

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
139KB

MD5
15904b05fae9f1f54fd65ad9e5eae750

SHA1
a833b0a2a5460d534b5338121758666f456b2cb7

SHA256
150a39d1b8bbae513b444846070736f11d497085010e6cfc06c6b56f5cc65a03

SHA512
e06361430b3616fe6dbcdaab39afcaa0e649efae324eac42eabe91841317eda092b59cfc25bc9e01c66edd4dcb034311a46efa4872234329d89d46f76e1d8614

Download Submit
memory/4984-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/4984-1892-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads