Malware Analysis Report

2025-01-03 08:34

Sample ID 240611-av2j9swhqg
Target 8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5
SHA256 8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5
Tags
upx ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5

Threat Level: Known bad

The file 8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

Renames multiple files with added filename extension (3755 files in the win7 run, 5198 in the win10 run)

UPX packed file

UPX dump on OEP (original entry point)

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 00:32

Signatures

UPX dump on OEP (original entry point)

Matched once; no description, indicator, process or target recorded.

UPX packed file (tag: upx)

Matched once; no description, indicator, process or target recorded.

Unsigned PE

Matched twice; no description, indicator, process or target recorded.
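The two static verdicts above (UPX packed, unsigned) can be reproduced on the dropped file without detonating it. The Python below is an added example for this report, not sandbox code: it parses the PE COFF header, data directories and section table by hand, flags the UPX section names and the UPX! packheader magic, and checks whether the Authenticode certificate directory is populated. The PE image that build_fake_pe() produces is constructed for the demo and is not the analysed sample. Run the checks on the original file, not on the memory/...-0x400000-0x40A000-memory.dmp entries under Files, which are the sandbox's in-memory dumps of the main module after the UPX stub has run and no longer carry the packer's layout.

```python
"""Static triage for 'UPX packed file' and 'Unsigned PE'.

Added example for this report; not sandbox code. The PE image built by
build_fake_pe() is constructed for the demo and is not the analysed sample.
"""
import struct
import sys

IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # certificate table (Authenticode)
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"                          # magic of the UPX packheader


def parse_pe(data: bytes) -> dict:
    """Parse just enough of a PE32/PE32+ image: COFF header, data directories, sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        n_dd_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        n_dd_off, dd_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dd = min(struct.unpack_from("<I", data, n_dd_off)[0], 16)
    directories = [struct.unpack_from("<II", data, dd_off + 8 * i) for i in range(n_dd)]
    sec_tbl = opt + opt_size
    sections = []
    for i in range(nsections):
        off = sec_tbl + 40 * i
        name = data[off:off + 8].rstrip(b"\0").decode("latin-1")
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, off + 8)
        sections.append({"name": name, "vsize": vsize, "vaddr": vaddr,
                         "rawsize": rawsize, "rawptr": rawptr})
    return {"machine": machine, "directories": directories, "sections": sections}


def has_authenticode(pe: dict) -> bool:
    """True when the security data directory points at a certificate table.
    Unlike the other directories this entry holds a file offset, not an RVA."""
    dirs = pe["directories"]
    if len(dirs) <= IMAGE_DIRECTORY_ENTRY_SECURITY:
        return False
    offset, size = dirs[IMAGE_DIRECTORY_ENTRY_SECURITY]
    return offset != 0 and size != 0


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    secs = pe["sections"]
    names = {s["name"] for s in secs}
    indicators = {
        # section names are trivially renamed by repackers, so do not rely on them alone
        "section_names": bool(names & UPX_SECTION_NAMES),
        # the packheader magic survives renaming; the stub also carries a "$Info: ... UPX ..." string
        "packheader_magic": UPX_MAGIC in data,
        # UPX layout: the first section has no raw data because it is the unpack destination
        "hollow_first_section": bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0,
    }
    return {
        "sections": [s["name"] for s in secs],
        "upx": indicators["section_names"] or indicators["packheader_magic"],
        "upx_indicators": indicators,
        "signed": has_authenticode(pe),
    }


def build_fake_pe(section_names, security=(0, 0), trailer=b"") -> bytes:
    """Constructed minimal PE32 (headers only) for the demo; not a real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x102)
    dirs = [(0, 0)] * 16
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = security
    opt = struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<I", 16)   # 96 bytes up to the directories
    opt += b"".join(struct.pack("<II", *d) for d in dirs)
    secs = b""
    for i, name in enumerate(section_names):
        rawsize = 0 if name == "UPX0" else 0x200
        secs += (name.encode().ljust(8, b"\0")
                 + struct.pack("<IIII", 0x1000, 0x1000 * (i + 1), rawsize, 0x400 + 0x200 * i)
                 + b"\0" * 16)
    return dos + coff + opt + secs + trailer


if __name__ == "__main__":
    if len(sys.argv) > 1:
        data = open(sys.argv[1], "rb").read()
    else:   # demo on the constructed UPX-style image
        data = build_fake_pe(["UPX0", "UPX1", ".rsrc"], trailer=UPX_MAGIC + b"\0" * 28)
    print(triage(data))
```

An empty security directory proves the file carries no Authenticode signature, which is all the "Unsigned PE" signature asserts; a populated one only proves a certificate table is attached, and validating the chain and the hash still needs signtool or Get-AuthenticodeSignature. The hollow first section is reported as a supporting indicator rather than a verdict because other packers and some linkers produce the same shape.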

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 00:32

Reported

2024-06-11 00:35

Platform

win7-20240508-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe"

Signatures

Renames multiple (3755) files with added filename extension (tag: ransomware)

UPX dump on OEP (original entry point)

Matched 4 times; no description, indicator, process or target recorded.

UPX packed file (tag: upx)

Matched 4 times; no description, indicator, process or target recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Client.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\js\controllers.js.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_moon-full_partly-cloudy.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Services.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libdvdread_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.RSA.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txt.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdvbsub_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\combo-hover-left.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.beans.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.RunTime.Serialization.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\1px.gif.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\AUMProduct.aup.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ccme_base.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\license.html.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-lib-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\HeartsMCE.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\d3d9\libdirect3d9_filters_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.IdentityModel.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ps\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Kiritimati.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\Office14\MSOHEV.DLL.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\WMPDMCCore.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\js\calendar.js.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.resources_3.9.1.v20140825-1431.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Beirut.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\CET.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Xml.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Journal\it-IT\jnwdui.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_rainy.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Mac\ROMANIAN.TXT.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Internet Explorer\jsdebuggeride.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Games\Hearts\en-US\Hearts.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\css\settings.css.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Rangoon.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Media Player\Skins\Revert.wmz.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-profiler.jar.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ar\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-full.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\gadget.xml.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
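The ransomware verdict rests on the "Renames multiple files with added filename extension" signatures (3755 files in this win7 run, 5198 in the win10 run) together with the table above: every path the sample writes is an existing file's full name with .tmp appended, spread across unrelated product directories, $Recycle.Bin and MSOCache, inside a run capped at 150 s. A detection that keys on that shape (many added-extension writes by one process across many top-level directories in a short window) rather than on the .tmp extension itself is below. It is an added example, not the sandbox's own logic, and runs over constructed Sysmon-style file-create lines (ts|pid|image|path): seven directories and file names are taken from the tables in this report and the pid 3056 from the memory dump names, while the timestamps, the benign msiexec and chrome events and the thresholds are assumptions for the demo.

```python
"""Mass-rename / added-extension detector for the 'Renames multiple files with
added filename extension' behaviour.

Added example for this report, not sandbox code. Input lines are constructed
Sysmon-style file-create records ('ts|pid|image|path'), not a real capture.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

WINDOW = timedelta(seconds=60)   # sliding window per process (assumed)
MIN_EVENTS = 25                  # added-extension writes needed inside the window (assumed)
MIN_DIRS = 5                     # spread over distinct top-level directories (assumed)

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe")


def added_extension(path: str):
    """Return (original_name, added_ext) for names like 'controllers.js.tmp', else None.
    Originals without an extension (e.g. 'Krasnoyarsk.tmp') are deliberately not counted,
    so the count is conservative compared with the sandbox's figure."""
    p = PureWindowsPath(path)
    inner = PureWindowsPath(p.stem)
    if not p.suffix or not inner.suffix:
        return None
    return p.stem, p.suffix.lower()


def top_dir(path: str) -> str:
    """Drive plus first two path components, e.g. 'C:\\Program Files\\VideoLAN'."""
    return str(PureWindowsPath(*PureWindowsPath(path).parts[:3]))


def parse_line(line: str):
    ts, pid, image, path = line.rstrip("\n").split("|", 3)
    return datetime.fromisoformat(ts), int(pid), image, path


def detect_mass_rename(lines, window=WINDOW, min_events=MIN_EVENTS, min_dirs=MIN_DIRS):
    """One alert per process that writes >= min_events added-extension files
    across >= min_dirs top-level directories within the window."""
    recent = defaultdict(deque)          # pid -> deque of (ts, top_dir, ext)
    alerts, alerted = [], set()
    for ts, pid, image, path in sorted(map(parse_line, lines)):
        hit = added_extension(path)
        if hit is None:
            continue
        q = recent[pid]
        q.append((ts, top_dir(path), hit[1]))
        while ts - q[0][0] > window:     # drop events that fell out of the window
            q.popleft()
        if pid in alerted:
            continue
        dirs = {d for _, d, _ in q}
        if len(q) >= min_events and len(dirs) >= min_dirs:
            alerted.add(pid)
            alerts.append({"pid": pid, "image": image, "count": len(q), "dirs": len(dirs),
                           "extensions": sorted({e for _, _, e in q}),
                           "first": q[0][0], "last": ts})
    return alerts


def constructed_events():
    """Constructed input: the sample walking seven directories from the report,
    plus installer scratch files and a browser download as benign noise."""
    t0 = datetime(2024, 6, 11, 0, 33, 0)
    dirs = [r"C:\Program Files\VideoLAN\VLC\plugins\access",
            r"C:\Program Files\Java\jre7\lib\zi\Pacific",
            r"C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images",
            r"C:\Program Files (x86)\Adobe\Reader 9.0\Reader",
            r"C:\Program Files\Microsoft Office\Office14",
            r"C:\Program Files\Internet Explorer",
            r"C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000"]
    files = ["libdvdread_plugin.dll", "1px.gif", "THIRDPARTYLICENSEREADME.txt",
             "desktop.ini", "Genko_2.emf"]
    lines, i = [], 0
    for d in dirs:
        for f in files:
            lines.append(f"{(t0 + timedelta(seconds=i)).isoformat()}|3056|{SAMPLE_EXE}|{d}\\{f}.tmp")
            i += 1
    for k in range(30):    # MSIxxx.tmp has no inner extension and is never counted
        lines.append(f"{(t0 + timedelta(seconds=k)).isoformat()}|1480|"
                     f"C:\\Windows\\System32\\msiexec.exe|C:\\Windows\\Installer\\MSI{k:03X}.tmp")
    for k in range(3):     # counted, but far below the threshold
        lines.append(f"{(t0 + timedelta(seconds=k)).isoformat()}|2212|"
                     f"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe|"
                     f"C:\\Users\\Admin\\Downloads\\report{k}.pdf.crdownload")
    return lines


if __name__ == "__main__":
    for alert in detect_mass_rename(constructed_events()):
        print(alert)
```

The directory-spread condition is what separates this from an installer or updater, which also writes thousands of .tmp files but inside its own product tree; the single-extension set in the alert (here [".tmp"]) is a second discriminator, since a rename-to-encrypt loop uses one suffix throughout. Feed it real Sysmon event 11 (FileCreate) and event 2/26 rename or delete records, and pair it with the file-hash evidence in the Files sections below (the .tmp copies of desktop.ini and Office64WW.xml hash differently from the originals) before calling the write an encryption rather than a copy.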

Processes

C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe

"C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe"

Network

N/A

Files

memory/3056-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\desktop.ini.tmp

MD5 e238ccade80c8805a9c471b9eee517b5
SHA1 e893a5c26c1d6cbf6d1932a51cc5299011dddb8b
SHA256 12b4d80a6e87a16789ba427d65f77678397dc631c04c9449ec758f82e5ca6e4b
SHA512 d770d877cb64a3e6da80e2c090172dc1a570adb5bac53255c9b82fa5ee60e8d5f2ec0109981954633897db6567919e779778dd4c20568fa5b652f989d644daed

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 39137c3a23cbe932c3a487c78cf4ee37
SHA1 f738a70496fd87b9f2e2c7a7b5c5eb956656a674
SHA256 b3ebdd42d97058f5a9731bcf0d79601c0eba8d003cbecf0cfb1bedd53b7fcee9
SHA512 e742f7ec763b6bae3ddb033b98bb53a86a7ac0d969367e4f9d826f311587e036c985187755be2ac990d30f9fa1e5b5ee3c38ea016445568004a3eb4edb9582c7

memory/3056-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 00:32

Reported

2024-06-11 00:35

Platform

win10v2004-20240426-en

Max time kernel

150s

Max time network

108s

Command Line

"C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe"

Signatures

Renames multiple (5198) files with added filename extension (tag: ransomware)

UPX dump on OEP (original entry point)

Matched 4 times; no description, indicator, process or target recorded.

UPX packed file (tag: upx)

Matched 4 times; no description, indicator, process or target recorded.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Globalization.Calendars.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\zip.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Templates\1033\ONENOTE\16\Stationery\ACADEMIC.ONE.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\rsod\powerpointmui.msi.16.en-us.boot.tree.dat.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Windows.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.h.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2.16.White.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PROOF\MSGR8ES.LEX.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7fr.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\D3DCompiler_47_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemDrawing.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.OData.Edm.NetFX35.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\YEAR.XSL.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\office.core.operational.js.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-white_scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Fonts\private\GADUGI.TTF.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusE5R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.DataStreamer.Excel.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_f3\FA000000003.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Threading.ThreadPool.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\fre\StartMenu_Win8.mp4.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow Orange.xml.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\lt.pak.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\SELFCERT.EXE.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.CSharp.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework.Classic.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\OsfTaskengine.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.IsolatedStorage.dll.tmp C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe

"C:\Users\Admin\AppData\Local\Temp\8ede8d5934cf16cfbb8472e5b6cc76d5408b89440a86ae46d81c50d9ec4fc5c5.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 48.110.63.41.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 157.123.68.40.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 56.110.63.41.in-addr.arpa udp

Every entry is a PTR (reverse-DNS) query to 8.8.8.8 for an in-addr.arpa name; no other outbound connection is recorded, and the table attributes none of the queries to the sample's process. Treat them as OS or sandbox background until process attribution or a non-DNS flow ties them to the sample; the win7 run of the same file recorded no network activity at all.

Files

memory/1124-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-540404634-651139247-2967210625-1000\desktop.ini.tmp

MD5 900013a2525df67c1f73faee20139abd
SHA1 7e7974c83b0f21ea0d86d2f442c6a823d80da56a
SHA256 eb549e95a9558331f8d5df89d26181b4fbe98fe1373c8050a9f854265e062eb5
SHA512 c12b84e8f2b7ab174c6770e5afb0f59138083a11ada52e9d29b19bc0fed18695da892397252833e3affa15264b84a439410de47f72f7a6c9b0db75dac0665c54

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 38234ac9b4db8836f9f9e84eda519f92
SHA1 3d13837d82820cd564061e184a244d68fd3a8f76
SHA256 537f42d290f51ed7fb038423e92c6281fd573941d2491865e224491688403052
SHA512 509313f71210d783d1a197f0ac0a1a77effcce7149da32eb009500ce2fe348c914c90e0023503fb21dcd3e6dfcc311bd6b67ec9d760c7ae9787eca98d7345d53

memory/1124-1172-0x0000000000400000-0x000000000040A000-memory.dmp