Malware Analysis Report

2024-10-18 21:36

Sample ID 231116-2fjjpaah23
Target 23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.zip
SHA256 4fec92e380ecbf39d8a178fc8f487dc9092833533a450e616da317639b3eb34c
Tags: play ransomware spyware stealer

Score: 10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 10/10

SHA256

4fec92e380ecbf39d8a178fc8f487dc9092833533a450e616da317639b3eb34c

Threat Level: Known bad

The file 23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.zip was found to be: Known bad.

Malicious Activity Summary

play ransomware spyware stealer

PLAY Ransomware, PlayCrypt

Renames multiple (8440) files with added filename extension

Renames multiple (1518) files with added filename extension

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-11-16 22:31

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-11-16 22:31

Reported

2023-11-16 22:34

Platform

win7-20231023-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (8440) files with added filename extension

ransomware

Reads user/profile data of web browsers

spyware stealer

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Recorded TV\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Contacts\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Libraries\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Searches\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Solitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Pictures\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-2085049433-1067986815-1244098655-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Favorites\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Saved Games\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Music\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Desktop\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Downloads\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\DataServices\DESKTOP.INI C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Documents\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\divider-vertical.png C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-compat_zh_CN.jar.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10268_.GIF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\MEDIA\SUCTION.WAV C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\images\add_down.png C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\AddToViewArrowMask.bmp C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_ja_4.4.0.v20140623020002.jar.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\configuration\org.eclipse.equinox.simpleconfigurator\bundles.info.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\vlc.mo.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0309585.JPG C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\AccessWeb\SERVWRAP.ASP C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\London.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PROOF\MSTH7EN.LEX C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mk.txt.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\LASER.WAV C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\feature.properties.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Spades\de-DE\ShvlRes.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0205466.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.ui.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\PUBWIZ\DGWEBSBR.DPV C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Amman.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0285808.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBFTSCM\FONTSCHM.INI C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\CONVERT\OLAPPT.FAE C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\ANALYS32.XLL C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Optional\README.TXT C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0240157.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO01569_.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jmx_ja.jar.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\TestCheckpoint.ADT C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PH00601G.GIF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0174639.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_zh_CN.jar.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\PDIR20F.GIF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-explorer.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\MEDIA\CAGCAT10\J0211949.WMF C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_ja_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-charts.jar C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\images\22.png C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-masterfs-nio2.xml.PLAY C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe

"C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe"

Network

N/A

Files

memory/2720-0-0x0000000000150000-0x000000000017C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2085049433-1067986815-1244098655-1000\desktop.ini

MD5 2f4754b1d296a2aff0160997e7aa1b06
SHA1 cd449e8a5b7df66f6dd36d58e14ebbfbae4d6058
SHA256 e4f7dce45e5fb58e1fc4e23551906aac876c026ddf943e16bfe5739816b01c1b
SHA512 b5304940b3d6cfec976e5c38641632d62014f504761da3c8302f1a39c3a258ec4295692432afa0349aeed0c3d57c99e384faeddd2da4b87f3244a9042c72315e

Analysis: behavioral2

Detonation Overview

Submitted

2023-11-16 22:31

Reported

2023-11-16 22:34

Platform

win10v2004-20231023-en

Max time kernel

172s

Max time network

169s

Command Line

"C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (1518) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\zipfs.jar C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Corbel.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_Subscription-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\relaxngcc.md C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Reflection.eftx C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\kk.txt C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentVNextR_Trial-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Slice.thmx C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses\c2rpridslicensefiles_auto.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri Light-Constantia.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\libffi.md C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019R_Retail-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_MAK_AE-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.DCF.DCF.x-none.msi.16.x-none.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.proofing.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\mng2.txt C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\public_suffix_list.dat C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_KMS_Client_AE-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Grace-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremDemoR_BypassTrial365-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Grace-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.office32mui.msi.16.en-us.xml C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe

"C:\Users\Admin\AppData\Local\Temp\23f757c619e418b14b72299af7b77cc6939dfd2ce7d094498446f2ce4961666c.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 67.254.221.88.in-addr.arpa udp
US 8.8.8.8:53 134.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.154.82.20.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 198.1.85.104.in-addr.arpa udp
US 8.8.8.8:53 158.240.127.40.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 56.126.166.20.in-addr.arpa udp
US 8.8.8.8:53 218.240.110.104.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 204.79.197.200:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 146.78.124.51.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 59.128.231.4.in-addr.arpa udp

Files

memory/4408-0-0x0000000000F70000-0x0000000000F9C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3125601242-331447593-1512828465-1000\desktop.ini

MD5 9ca0aaa29edcb0578cc6d0d2df8e84fb
SHA1 13cea0eaf711f6b61d8c78aea956f81c6efdb329
SHA256 33696c385d740fc19867259bf2b6dfa34d08019dfb59fd3c895bcc0624590ba3
SHA512 e0f51ffc9b7cf4abc8682032865e6ccd7009ab9e7a50861c8975b7b92aad5e357201d509930a566bfc5d71726b4667222ac92de100a5716f13ff36d43e8ddd30