eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781

Analysis

max time kernel
150s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
Size

39KB
MD5

7b5844a39a0193bb0e9e5667bb0726cd
SHA1

bb0b1d3939c30b8e36486922187312f0aee4f722
SHA256

eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781
SHA512

f1e6bbe530ddb14f9fc5621d2e9ae2bcee4df8704874b7bcdba9dae0ef8480f5e76e9e8780b04f8ddda6628fc3a9418bc76a745b78642a2488abdf1958a690a6
SSDEEP

768:W7BlpppARFbhFAVo7FOtiJw1OtiJfo7FOtiJw1OtiJWHAJxBHAJxo:W7ZppAp1IWI7

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3859) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe

description	ioc	process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.IO.Compression.ZipFile.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\WindowsFormsIntegration.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O17EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-pl.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\7-Zip\Lang\io.txt.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Buffers.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationProvider.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\tr\UIAutomationTypes.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ul-oob.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.Xml.Linq.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.Mail.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.NetworkInformation.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_KMS_Client_AE-ppd.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationTypes.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\System.Windows.Controls.Ribbon.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\content-types.properties.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jre-1.8\bin\dcpr.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jre-1.8\lib\cmm\CIEXYZ.pf.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Client\msvcp140.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-1-0.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Runtime.Serialization.Json.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Windows.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\PresentationFramework.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Brotli.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\System.Windows.Forms.Design.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jre-1.8\bin\jsdt.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-ppd.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Common Files\System\uk-UA\wab32res.dll.mui.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_EnterpriseSub_Bypass30-ppd.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ppd.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Retail-pl.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Configuration.ConfigurationManager.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jre-1.8\lib\deploy\messages_it.properties.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Milk Glass.eftx.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems64.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_Retail-ul-oob.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\pt-PT.pak.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\Microsoft.VisualBasic.Forms.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPointVL_MAK-ul-phn.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\System.Windows.Input.Manipulations.resources.dll.tmp	eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe

C:\Users\Admin\AppData\Local\Temp\eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe
"C:\Users\Admin\AppData\Local\Temp\eed06183662a5df47d9c9cbed0b0eceed1cdc9e33db293c90d0d3ace89d1a781.exe"
1⤵
- Drops file in Program Files directory
PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2494989678-839960665-2515455429-1000\desktop.ini.tmp
Filesize
40KB

MD5
ffa3ff312b89d8df9d3ac6c44e9219f9

SHA1
f02f54f290bb78868f330409c9cd86370b27f1ef

SHA256
e2987c090fae17ceabf4cc1785e2d4c704c3f217fd2a77ee7339b18d8586d33a

SHA512
af3879427bcfefaa2163d58775e25a93debaa6c66d997f1e98b48aff0e96cdada44daa0be4c89edf5526533848eb1553fe2443c74f18b554ed211b44c0a63c6a

Download Submit
C:\Program Files\7-Zip\7-zip.dll.tmp
Filesize
138KB

MD5
501202945377041b62a6a3c3b35502e8

SHA1
e2966869650862cc53aca64f452aee874434965a

SHA256
e06099b6123e314775a94da5db6943b1f41317490a0beebf7473f88683518308

SHA512
aed8f07975b6c5708f0852c08b679174fa332b3374bea2cf0a0e86e53ce567afeb299ecd84275c812cda21c846db548f62f48f51fd4a69f7965b25366eebcbf3

Download Submit