Analysis
- max time kernel: 149s
- max time network: 104s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 05-11-2020 20:02
Static task: static1
Behavioral task: behavioral1
- Sample: c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
- Resource: win7v20201028
Behavioral task: behavioral2
- Sample: c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
- Resource: win10v20201028
General
- Target: c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
- Size: 170KB
- MD5: b0ee9dae7de7781ea809278c48c310a5
- SHA1: 28be65219441d78399027aa42c9cc7456ee67130
- SHA256: c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8
- SHA512: 5b954dd7bd05549d8f29b720db615b4e79cf07a41efab7ed765eb8533ad429c0d351e610900fbc6ee8f1dc5f2c8c10e53a494a4f9ec8ffd54444a8ab0c2bd8ff
Malware Config
Signatures
-
Modifies extensions of user files (6 IoCs)
Ransomware generally changes the extension on encrypted files.
Processes:
c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
description | ioc | process
File renamed | C:\Users\Admin\Pictures\RenameApprove.crw => C:\Users\Admin\Pictures\RenameApprove.crw..doc | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File renamed | C:\Users\Admin\Pictures\RepairFind.png => C:\Users\Admin\Pictures\RepairFind.png..doc | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File renamed | C:\Users\Admin\Pictures\SkipUnpublish.tif => C:\Users\Admin\Pictures\SkipUnpublish.tif..doc | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Pictures\DenyClose.tiff | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File renamed | C:\Users\Admin\Pictures\DenyClose.tiff => C:\Users\Admin\Pictures\DenyClose.tiff..doc | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File renamed | C:\Users\Admin\Pictures\ExportInvoke.crw => C:\Users\Admin\Pictures\ExportInvoke.crw..doc | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
-
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) (26 IoCs)
Processes:
c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
description | ioc | process
File opened for modification | C:\Users\Admin\Searches\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Music\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Libraries\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Downloads\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Documents\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Desktop\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Documents\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\AccountPictures\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Contacts\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Links\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Favorites\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Downloads\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Videos\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Pictures\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Public\Music\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Videos\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Users\Admin\Pictures\desktop.ini | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
-
Drops file in Program Files directory (14143 IoCs)
Processes:
c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
description | ioc | process
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\ko-kr\ui-strings.js | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\spectrum_spinner_process.svg | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\Fonts\private\SEGOEUISL.TTF | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.OneConnect_2.1701.277.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\OneConnectMedTile.scale-100.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\SyncFusion.Grid.Grouping.Base.dll | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\69_32x32x32.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-60_altform-unplated.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_en_135x40.svg | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\fr_get.svg | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_25.25.13009.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-256_altform-unplated_contrast-white.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\py_16x11.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\jm_60x42.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\images\themes\dark\rhp_world_icon_2x.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-64.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.511.8780.0_x64__8wekyb3d8bbwe\Bing.Immersive\Shaders\SimpleCubeShader-downlevel.vs | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\fi-fi\ui-strings.js | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ExcelCtxUICellModel.bin | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1612.10312.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubStoreLogo.scale-125.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\WideTile.scale-100.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-black\MedTile.scale-100.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1702.301.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-36.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSmallTile.scale-150.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.3_1.3.23901.0_x86__8wekyb3d8bbwe\AppxBlockMap.xml | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.14.1181.0_x64__8wekyb3d8bbwe\Assets\GameEnd\endGame_yellow_up.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\ch_16x11.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1611.10393.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-black\WideTile.scale-200.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxAccountsLargeTile.scale-100.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\7357_20x20x32.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\animations\OneNoteFRE_SaveAutomatically_RTL_Tablet.mp4 | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Thumbnails\Sticker_Icon_Tick.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1611.10393.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsStoreLogo.scale-125.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1702.333.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\TimerMedTile.contrast-black_scale-125.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.3DBuilder_13.0.10349.0_x64__8wekyb3d8bbwe\Assets\Office\move.scale-100.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\lua\playlist\vocaroo.luac | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\ca-es\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\large\sv_60x42.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\adoberfp.dll | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\ko-kr\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\heart.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.7668.58071.0_x64__8wekyb3d8bbwe\images\Office365LogoWLockup.scale-100.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\es-es\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1702.333.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-72.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16112.11601.0_x64__8wekyb3d8bbwe\resources.pri | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7906.42257.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailLargeTile.scale-125.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_1.1702.21039.0_x64__8wekyb3d8bbwe\Assets\dev-config.json | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\VideoLAN\VLC\COPYING.txt | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\fr-fr\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\ui-strings.js | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\img\adobe_sign_tag_retina.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Emoticons\large\ninja.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_4.5.6.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedSmallTile.scale-200_contrast-white.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11701.1001.87.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreMedTile.scale-200.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.204.0_x64__kzf8qxf38zg5c\SkypeApp\Designs\Flags\small\ls_16x11.png | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\viewer\nls\pt-br\Read___ME.html | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\eu-es\ui-strings.js | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
-
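The two file signatures above carry the signals that make this sample read as ransomware: one constant suffix (`..doc`) appended to user files, and one file name (`Read___ME.html`) created in many unrelated directories. The Python below is an added triage example, not part of the sandbox report or of the sample; it parses a constructed subset of the report's own IoC lines and assumes, as the report shows, that each line starts with the action and ends with the process name.

```python
"""Parse flattened sandbox file IoC lines and pull out the two ransomware
signals: a suffix appended to many user files, and a note dropped into
many directories.  Added example, not code from the report or the sample."""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Name of the analysed process; every IoC line in the report ends with it.
PROCESS = "c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe"

# Constructed subset of the report's IoC lines, kept in the report's format.
SAMPLE_IOCS = [
    r"File renamed C:\Users\Admin\Pictures\RenameApprove.crw => C:\Users\Admin\Pictures\RenameApprove.crw..doc " + PROCESS,
    r"File renamed C:\Users\Admin\Pictures\RepairFind.png => C:\Users\Admin\Pictures\RepairFind.png..doc " + PROCESS,
    r"File renamed C:\Users\Admin\Pictures\SkipUnpublish.tif => C:\Users\Admin\Pictures\SkipUnpublish.tif..doc " + PROCESS,
    r"File opened for modification C:\Users\Admin\Pictures\DenyClose.tiff " + PROCESS,
    r"File renamed C:\Users\Admin\Pictures\DenyClose.tiff => C:\Users\Admin\Pictures\DenyClose.tiff..doc " + PROCESS,
    r"File renamed C:\Users\Admin\Pictures\ExportInvoke.crw => C:\Users\Admin\Pictures\ExportInvoke.crw..doc " + PROCESS,
    r"File opened for modification C:\Users\Admin\Documents\desktop.ini " + PROCESS,
    r"File opened for modification C:\Program Files (x86)\desktop.ini " + PROCESS,
    r"File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\Read___ME.html " + PROCESS,
    r"File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\hu-hu\Read___ME.html " + PROCESS,
    r"File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\Read___ME.html " + PROCESS,
    r"File opened for modification C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll " + PROCESS,
]

IOC_RE = re.compile(r"^File (renamed|created|opened for modification) (.+)$")


def parse_ioc(line):
    """Split one IoC line into action, path, new path (renames only) and process."""
    body, process = line.rsplit(" ", 1)          # the process name carries no spaces
    m = IOC_RE.match(body)
    if not m:
        raise ValueError(f"unrecognised IoC line: {line!r}")
    action, rest = m.groups()
    if action == "renamed":
        path, new_path = rest.split(" => ", 1)
    else:
        path, new_path = rest, None
    return {"action": action, "path": path, "new_path": new_path, "process": process}


def appended_suffix(old, new):
    """Return what the rename appended to the full original name, else None.
    A family that keeps the original extension (x.crw -> x.crw..doc) yields a
    constant suffix; a plain rename or an extension swap yields None."""
    if new.startswith(old) and len(new) > len(old):
        return new[len(old):]
    return None


def summarize(lines):
    """Aggregate the IoCs into the counts an analyst looks at first."""
    suffixes = Counter()            # suffix appended by renames
    created_in = defaultdict(set)   # file name -> set of directories it was created in
    areas = Counter()               # top-level folder touched (Users, Program Files, ...)
    for ioc in map(parse_ioc, lines):
        p = PureWindowsPath(ioc["path"])
        areas[p.parts[1] if len(p.parts) > 1 else str(p)] += 1
        if ioc["action"] == "renamed":
            suffixes[appended_suffix(ioc["path"], ioc["new_path"]) or "<other rename>"] += 1
        elif ioc["action"] == "created":
            created_in[p.name].add(str(p.parent))
    return {"suffixes": suffixes, "created_in": created_in, "areas": areas}


def ransom_note_candidates(summary, min_dirs=2):
    """File names dropped into at least min_dirs distinct directories."""
    return sorted(n for n, d in summary["created_in"].items() if len(d) >= min_dirs)


def looks_like_ransomware(summary, min_renames=3):
    """Both signals together: one dominant appended suffix and a replicated note."""
    dominant = summary["suffixes"].most_common(1)
    return bool(dominant and dominant[0][1] >= min_renames and ransom_note_candidates(summary))


if __name__ == "__main__":
    s = summarize(SAMPLE_IOCS)
    print("appended suffixes:", dict(s["suffixes"]))
    print("note candidates:", ransom_note_candidates(s))
    print("areas touched:", dict(s["areas"]))
    print("ransomware-like:", looks_like_ransomware(s))
```

The thresholds (`min_renames`, `min_dirs`) are arbitrary starting points; on the full 14143-entry list the note count alone is in the dozens, so the value of the script is in the grouping rather than in the cut-offs. Note that the report's "opened for modification" entries do not distinguish a file that was overwritten in place from one that was merely read, so the suffix and note signals are the ones to rely on.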
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
pid | process
1100 | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
1100 | c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\c45ef4a35047e14d8eaf54cab44a432be18e93915ac26a2f1294d260f220aea8.exe"
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses