Malware Analysis Report

2025-01-03 08:36

Sample ID 240611-dqd5yssblb
Target caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12
SHA256 caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12
Tags
upx ransomware
score
10/10

Analysis Overview

score
10/10

SHA256

caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12

Threat Level: Known bad

The file caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12 was found to be: Known bad.

Malicious Activity Summary

upx ransomware

UPX dump on OEP (original entry point)

Renames multiple (3780) files with added filename extension

UPX dump on OEP (original entry point)

Renames multiple (5358) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-11 03:12

Signatures

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-11 03:12

Reported

2024-06-11 03:15

Platform

win7-20240508-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12.exe"

Signatures

Renames multiple (3780) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12.exe

"C:\Users\Admin\AppData\Local\Temp\caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12.exe"

Network

N/A

Files

memory/1492-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3691908287-3775019229-3534252667-1000\desktop.ini.tmp

MD5 c4d94adbc9faf11726ef70a972a9d9b7
SHA1 ded2efe145803fc12699b967dece2b67d00e007d
SHA256 662d9446c6adf4e4cd4a2c941c25303a387e62bbb5008d8d7dea616cd8980070
SHA512 1c08165946e45b4405e23cc40f1e2216b6e48e4dd70b99d67fcee20bc22805cb0c18309dda5974e439fefe18201e05d1dd6f813123028268212142369ffe4412

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 efe7e4260543dda34e059e601f2c45ae
SHA1 5defd48b36f6b5fb5cd75df7df3c3ee94cff9c91
SHA256 03c2a42831ee07ee0bc27321a8778ef223d73012fb502fc87d4b970ee363e555
SHA512 273fb936aff9a095c32ce54d2cdb4dd6c105937808f806d3364158b6fa441ba50bb06b7626d93a6d38942f95cf79cc74f1c978ae3366951141d49feedb810d4b

memory/1492-86-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-11 03:12

Reported

2024-06-11 03:15

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12.exe"

Signatures

Renames multiple (5358) files with added filename extension

ransomware

UPX dump on OEP (original entry point)

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12.exe

"C:\Users\Admin\AppData\Local\Temp\caa2a47e906ff7b4d8a2cb55f36dfbc2aad1bf88be1cc38dcdfaffaae5f92e12.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4036,i,17096020621006928097,15544233752327415349,262144 --variations-seed-version --mojo-platform-channel-handle=1320 /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/1640-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1181767204-2009306918-3718769404-1000\desktop.ini.tmp

MD5 618de3f5e9f93e773f2717a2c6e73835
SHA1 f2487db9b3fed018143d9ceba088180f558d67ab
SHA256 0a20c34608a157ba01ba179473b64a896d8a7ad97c86e9173d252b6053fcc16e
SHA512 69cc9756a8a181b76201f290c50a8decec491082a77a847f880b05a1fb735b96e0907381b91558c76cfbabef34b718398de89a831d7db8dc7203bead5d3d0daa

C:\Program Files\7-Zip\7-zip.chm.tmp

MD5 49035d4869fc2ce55add2aebf2c8adc1
SHA1 811994c7f0750a60ad96ba7ed3e1014ae2cfa122
SHA256 4b46f3b80b008732476f891762799889b78e952690653cbbb8b507db67c43d88
SHA512 c6ef7b9a771dfd9db4d0cf4f2ba30de7f635cc851e4a18df2e7419d46e4309f0edd3d905c4fd0f825ea83f4258d1886b0b52d3d14318f2aa35045341eaa860c1

memory/1640-1232-0x0000000000400000-0x000000000040A000-memory.dmp