Malware Analysis Report

2024-10-19 08:20

Sample ID 240613-xgl9rasbmn
Target 4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc
SHA256 4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc
Tags
score
6/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
6/10

SHA256

4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc

Threat Level: Shows suspicious behavior

The file 4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc was found to be: Shows suspicious behavior.

Malicious Activity Summary


Enumerates connected drives

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-13 18:49

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 18:49

Reported

2024-06-13 18:52

Platform

win7-20240611-en

Max time kernel

150s

Max time network

124s

Command Line

C:\Windows\Explorer.EXE

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Windows Journal\de-DE\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ug\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Library\Analysis\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Swirl\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Mail\fr-FR\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\ja-JP\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\pt_BR\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft.NET\RedistList\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ug\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\js\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Minesweeper\de-DE\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\lua\modules\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\jfr\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\Packages\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Mail\es-ES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ko\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Americana\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Minesweeper\fr-FR\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\eu\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\en-US\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Media Player\de-DE\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms4\FormsStyles\Americana\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca@valencia\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\plugins\packetizer\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\ktab.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\my\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\js\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\js\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\en-US\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Mozilla Firefox\fonts\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUEPRNT\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\ja-JP\css\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\bs\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ca@valencia\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\MSBuild\Microsoft\Windows Workflow Foundation\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\css\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Runs net.exe

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe

"C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe"

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

Network

N/A

Files

memory/2344-0-0x0000000000400000-0x0000000000436000-memory.dmp

memory/1264-5-0x0000000002530000-0x0000000002531000-memory.dmp

memory/2344-7-0x0000000000400000-0x0000000000436000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-2812790648-3157963462-487717889-1000\_desktop.ini

MD5 4f2460b507685f7d7bfe6393f335f1c9
SHA1 378d42f114b1515872e58de6662373af31ab8c7b
SHA256 47a22297ce31d17b0f37251ce63cf2eb146700451caab6dd0aa710d2526c8e42
SHA512 75dcca6b81ac47511b847a5c35be4bddbee425436f7bfd1347115e18b84f52a16a5c517bda0a5f5d0a1f2541aab80d764932d8018538cb112fa3b6c9977e95eb

memory/2344-14-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2344-20-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2344-66-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2344-72-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Program Files\7-Zip\7zFM.exe

MD5 f0572dc5e55a0134164be82897b865f0
SHA1 3185a9c1f2d8f02386c3e0ae754d517393952731
SHA256 bc5bf78b30919044d13ae23ef35a4aa19a8fe498464db155a9c81ec3875f4c5f
SHA512 7e29723e8ba4b268cfd783f4b33b4905479dd7ff23efdc2668857f379d4815b44a59a451dd65ffc32e59c52f5a583d4ef763d8b7970aa85757f3873638e9e95f

memory/2344-564-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2344-1849-0x0000000000400000-0x0000000000436000-memory.dmp

memory/2344-2207-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

MD5 1cc007ad1cf7a7166c5948204c910c52
SHA1 378f62d6d34f7ce4ca389bd378ff9bce27222731
SHA256 302563b3bc71e1ec5178f58aceed32cf6c91664372d00f61038880b31b6bbecb
SHA512 9f6de25ba108d143d391b876658997c7f31989ca57f0d2783d45a23c721996c7c76cbd1f89c98feed38d55b5d11c1098898549872671164a688bef4e934fd463

memory/2344-3309-0x0000000000400000-0x0000000000436000-memory.dmp

C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

MD5 c14a5111b798cff20d7d66b0e035d409
SHA1 29f0894552b30815fed6ad231b5721e876869552
SHA256 fd6f57dc1b82f6301cbecbf9db5728a9a69b10e3edbf4f8a1dfef571c77a6cb6
SHA512 a4d8b74216c76fa3d48ab7300452725602bc6d5bcc0e6c23d458d65362cd24751f23755180ae69633090b172e95f18f225c0cb4a71dd1e050d8b3dff466e7f1b

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-13 18:49

Reported

2024-06-13 18:52

Platform

win10v2004-20240508-en

Max time kernel

149s

Max time network

151s

Command Line

C:\Windows\Explorer.EXE

Signatures

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\VideoLAN\VLC\locale\el\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.27405.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-black\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\da-dk\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\en-il\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\js\nls\fr-ma\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\unpack200.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBridge\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\cs-cz\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\nb-no\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\sl-sl\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\brx\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\sl-sl\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\pt-br\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\libs\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\tr-tr\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\de-DE\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\eo\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\RTL\contrast-black\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\en-ae\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\cs-cz\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\zh-cn\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\it-it\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\browser\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Resources\RetailDemo\strings\en-us\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_2.34.28001.0_neutral_~_8wekyb3d8bbwe\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\cs-cz\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\ko-kr\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\fr-fr\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\cs-cz\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\ne\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\hr-hr\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.50.6001.0_x64__8wekyb3d8bbwe\AppxMetadata\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\fss\js\nls\da-dk\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\es-es\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\Localized_images\pl-pl\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTA\AppInfoDocument\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ru-ru\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\zh-cn\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\ink\es-ES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Common Files\Microsoft Shared\VSTO\10.0\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\sr\LC_MESSAGES\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\dtplugin\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\microsoft.system.package.metadata\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.18101.0_x86__8wekyb3d8bbwe\AppxMetadata\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\css\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\generic-rhp-app\js\nls\de-de\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sign-services-auth\js\nls\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\es_MX\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Images\Ratings\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\uk-ua\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\pt-br\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\applet\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
File created C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sw-KE\View3d\_desktop.ini C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rundl132.exe C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Runs net.exe

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe N/A

Processes

C:\Windows\Explorer.EXE

C:\Windows\Explorer.EXE

C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe

"C:\Users\Admin\AppData\Local\Temp\4928dedaf44a46abd5e014e2ad3ddf7e281a4ecd2cf6a00cb762679da9901afc.exe"

C:\Windows\SysWOW64\net.exe

net stop "Kingsoft AntiVirus Service"

C:\Windows\SysWOW64\net1.exe

C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"

Network

Country Destination Domain Proto
NL 52.142.223.178:80 tcp

Files

memory/3496-0-0x0000000000400000-0x0000000000436000-memory.dmp

memory/3496-5-0x0000000000400000-0x0000000000436000-memory.dmp

F:\$RECYCLE.BIN\S-1-5-21-1337824034-2731376981-3755436523-1000\_desktop.ini

MD5 4f2460b507685f7d7bfe6393f335f1c9
SHA1 378d42f114b1515872e58de6662373af31ab8c7b
SHA256 47a22297ce31d17b0f37251ce63cf2eb146700451caab6dd0aa710d2526c8e42
SHA512 75dcca6b81ac47511b847a5c35be4bddbee425436f7bfd1347115e18b84f52a16a5c517bda0a5f5d0a1f2541aab80d764932d8018538cb112fa3b6c9977e95eb

memory/3496-12-0x0000000000400000-0x0000000000436000-memory.dmp

memory/3496-19-0x0000000000400000-0x0000000000436000-memory.dmp

memory/3496-22-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Program Files\dotnet\dotnet.exe

MD5 789727db484b9ccef228b4540c976c77
SHA1 3f425d7dec5abc50878707f219dfe8f752a2eeb0
SHA256 7e78362685f2259541422899c96484544bbfd14f2b9f75a5ecb77c0a7758a4f9
SHA512 2184a0c02506b10eb77311448247104163106e6da8dadc55eeff0cb77d57f2bfd90eb01fcb907527a204347cea406781483ecb5eaaa4a070f5af23ba88c2e6e3

memory/3496-82-0x0000000000400000-0x0000000000436000-memory.dmp

memory/3496-1217-0x0000000000400000-0x0000000000436000-memory.dmp

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

MD5 1cc007ad1cf7a7166c5948204c910c52
SHA1 378f62d6d34f7ce4ca389bd378ff9bce27222731
SHA256 302563b3bc71e1ec5178f58aceed32cf6c91664372d00f61038880b31b6bbecb
SHA512 9f6de25ba108d143d391b876658997c7f31989ca57f0d2783d45a23c721996c7c76cbd1f89c98feed38d55b5d11c1098898549872671164a688bef4e934fd463

memory/3496-4782-0x0000000000400000-0x0000000000436000-memory.dmp

C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\windowsdesktop-runtime-8.0.2-win-x64.exe

MD5 ad5a7e5eb1a1cdd791957e07c93748ae
SHA1 6e4f8c5f4d791327e11d0d68ca6f514554af8481
SHA256 cfee92d916fbbb95d8282c3264d3708ad1ddfdd9db4daaf00e0c96a22854c4dc
SHA512 a8acd191aec48dac8d5808a93ee973ea52793140e318b4d870fb10e4e8ba0756fe95654134dd1c175168375a0f7caebfd8a7d46a9b3dc71006f830b53dd9fefe

memory/3496-5221-0x0000000000400000-0x0000000000436000-memory.dmp