eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6

Analysis

max time kernel
150s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
Size

47KB
MD5

74fdf974647d3899772fa31be9f7af5d
SHA1

1a7b72e463cfbd1bb8f98c198c39f253b649b432
SHA256

eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6
SHA512

b34d88898040671ea147bba53bd94bff006d493d404e947488543469b97cc5325a98635dccb1ea9583646294bca03b43e3ad45d56815555ffa2b395cd39b6d27
SSDEEP

384:yBs7Br5xjL8AgA71FbhvgYJfPg7JDYJfPg7JY924Su0QK8u2l1QI6924Su0QK8uA:/7BlpQpARFbhIYJIJDYJIJYF/MF/b

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (5051) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Common.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_en.dub.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptg.xml.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Trial-ul-oob.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Design.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Extreme Shadow.eftx.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_OEM_Perp-pl.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\GRAPH_K_COL.HXK.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\System.Windows.Forms.resources.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_OEM_Perp-ppd.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail2-ul-oob.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ppd.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Trial-ppd.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\MICROSOFT.DATA.RECOMMENDATION.COMMON.DLL.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Library\SOLVER\SOLVER32.DLL.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.contrast-white_scale-180.png.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Data.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsBase.resources.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javaws.exe.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ppd.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\bin\mlib_image.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\zlib.md.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Trial-ppd.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ul-phn.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebHeaderCollection.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Security.Permissions.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFSHARED.DLL.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\NewCommentRTL.png.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\bin\unpack200.exe.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Trial-ul-oob.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_telemetry.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\UIAutomationClientSideProviders.resources.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Controls.Ribbon.resources.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ul-oob.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Cartridges\hive.xsl.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.scale-180.png.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dcpr.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-stil.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Grace-ppd.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-pl.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.SPClient.Interfaces.DLL.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-pl.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Trial-ul-oob.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OSFPROXY.DLL.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-filesystem-l1-1-0.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsBase.resources.dll.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\jfr\default.jfc.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-ul-oob.xrm-ms.tmp	eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe

C:\Users\Admin\AppData\Local\Temp\eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe
"C:\Users\Admin\AppData\Local\Temp\eb980aa541df428b4c0dab1e6d81ac6fbc33918097e66d0dc199b295f371e8f6.exe"
1⤵
- Drops file in Program Files directory
PID:3416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini.tmp

Filesize
47KB

MD5
11398a45f0edd3dd03eec649539676b1

SHA1
e05653229dd68f973db51f9a99ac56e307dff137

SHA256
25879c139a9d96a0eb026b636f92d6817c883d59b9df6e1e5274744e3c15b1cb

SHA512
003e646745fb1ace8c62c9292b9517f5fa82cb7039b8c84e8e253bfa5bf378795c01fd46587165dc36e6ef254194eae26dac4faa045cc73f0e44c1bd4c2ef2a4

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp

Filesize
146KB

MD5
41f718ca50dae683e8962a0c05c5aab5

SHA1
bf6b17090d26d86ce51c141d9f08c3aa76f8feb2

SHA256
e7f549398ec6a882ef5ff241c8f1b522396e696c51acbb4ddc1924ab6757c30b

SHA512
beac41a31be2c11fba276b739098b3589cca7b410de19a03753731e3e41d0a5875ba681e3985eb8c3a834e39454d37ccee821e17fa6c1027d7d1d18a38785eb9

Download Submit
memory/3416-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3416-1794-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads