eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1

Analysis

max time kernel
149s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
Size

62KB
MD5

5afb68ee7cc4d421ca318acca8fe8a5c
SHA1

f67049b49a72d0277db17a6f70152e9e4027be52
SHA256

eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1
SHA512

badc24f9e3a6bb340e00a6a2c737522a1ccc78cbdd2afa71cd743aa173f146cfeb2092af297d6247c120939ca851b8d2c0aa1dd9009c1db9d12ba6213a526bcf
SSDEEP

768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meD1:/7ZQpApze+eJfFpsJOfFpsJ5D1

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (4823) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe

description	ioc	process
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Office 2007 - 2010.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_OEM_Perp-ul-phn.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\mip_clienttelemetry.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBCTRAC.DLL.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGMN108.XML.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationCore.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jre-1.8\bin\bci.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ul-oob.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\desktop.ini.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ppd.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Arial-Times New Roman.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Collections.Concurrent.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.InteropServices.RuntimeInformation.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemXml.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProMSDNR_Retail-ppd.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\WacLangPackEula.txt.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-white_scale-140.png.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.Brotli.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\UIAutomationProvider.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Trial-ppd.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\j2gss.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.officemui.msi.16.en-us.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Grace-ul-oob.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\.version.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\msvcp140.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\WindowsFormsIntegration.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ppd.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordVL_MAK-pl.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\ReachFramework.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\UIAutomationClient.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\tracedefinition130.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSPPT.OLB.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-private-l1-1-0.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-pl.xrm-ms.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\UIAutomationClientSideProviders.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Java\jre-1.8\bin\java.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPivot.PowerPivot.x-none.msi.16.x-none.xml.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\EXCELPLUGINSHELL.DLL.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.contrast-black_scale-140.png.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\WindowsBase.resources.dll.tmp	eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe

C:\Users\Admin\AppData\Local\Temp\eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe
"C:\Users\Admin\AppData\Local\Temp\eb74e36ae8bacbcd8a70eb53aeb75b622c8f13f0744f0c94efd75584c309b3c1.exe"
1⤵
- Drops file in Program Files directory
PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2080292272-204036150-2159171770-1000\desktop.ini.tmp
Filesize
62KB

MD5
6171f2e204b966a8388b10891c618dba

SHA1
a39aba7d98d9b82f55468e104b82986627be624f

SHA256
08248192bc73589b9a51ad520f0cd124492e7e80389105233d017fafdbaa0da5

SHA512
02fb50cd370033ad43ada4174bc4d459267ea36851ed29b4007707ef3943424901d496fac838f161db21fc30f9f7652a3ced9dc6bfb7d75ab674c604be13287a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
161KB

MD5
fe0bda40fef1ffa89bdc2689c64430f5

SHA1
56cc8bb4edddb410efab0fde951a669659b6a803

SHA256
736da52e3e7a804a343d5bb75f4ba023a9ad431a73de16774df49f84561a0d64

SHA512
f3a61bfa4dff04f42edb32b7843ae857bfc708d1b25d3d9fc523ae46a787b3a34c84df32eb34950d90612a0e5cf531b68cedd3b7602408ca9336382bed386e5a

Download Submit
memory/3920-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/3920-1768-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download