Malware Analysis Report

2024-09-23 04:43

Sample ID 240614-bvfs8szcqg
Target 46a4373a64bb3a2c2eb248b595a2d2f0.bin
SHA256 cfbc97c7bba6d5380f0de0a5e37e131c9fc0c92e060bf09c1a97099ab7aa30e1
Tags ransomware
Score 9/10


Analysis Overview

Score 9/10

SHA256 cfbc97c7bba6d5380f0de0a5e37e131c9fc0c92e060bf09c1a97099ab7aa30e1

Threat Level: Likely malicious

The file 46a4373a64bb3a2c2eb248b595a2d2f0.bin was found to be: Likely malicious.

Malicious Activity Summary

ransomware

Renames multiple (3434) files with added filename extension

Renames multiple (5212) files with added filename extension

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK Matrix

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 01:27

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 01:27

Reported

2024-06-14 01:30

Platform

win7-20240221-en

Max time kernel

150s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\46a4373a64bb3a2c2eb248b595a2d2f0.exe"

Signatures

Renames multiple (3434) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\46a4373a64bb3a2c2eb248b595a2d2f0.exe

"C:\Users\Admin\AppData\Local\Temp\46a4373a64bb3a2c2eb248b595a2d2f0.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp

MD5 dadc7ae2b36a48bcfb1b73fd76012d12
SHA1 86410691b02c4f7a890d9ed6f8785c724edbf7cc
SHA256 4a42ff6199af465d6f07c7679ece42365d0da977d14a5b0fdd3619c8b7abd7a0
SHA512 84ac49c9daecde6324ff6bfd1a4bf88e7c49c58676c069c9db36af3f11c9f2a0558ab8cdda1461615606841db5cb7d27290f288cbd0e647d44d50aa68eb19a05

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 9659802fac08fbb5b5c0a8b957d61d27
SHA1 70d4deca3c09905c493ad2aea67a9fdbf83fb03c
SHA256 808fa0ad89fece731191067f57fb8d2fc9bbcc74000292ad030267c46c247c6e
SHA512 01166bb18fbb2e2542e6d0cb2b30b53a908059bbbdef10318895f873781c95638095e4ddb493e1ba5b74326a783f94049182a9722926781e72a014973d28a616

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 01:27

Reported

2024-06-14 01:30

Platform

win10v2004-20240508-en

Max time kernel

150s

Max time network

51s

Command Line

"C:\Users\Admin\AppData\Local\Temp\46a4373a64bb3a2c2eb248b595a2d2f0.exe"

Signatures

Renames multiple (5212) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

Processes

C:\Users\Admin\AppData\Local\Temp\46a4373a64bb3a2c2eb248b595a2d2f0.exe

"C:\Users\Admin\AppData\Local\Temp\46a4373a64bb3a2c2eb248b595a2d2f0.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

C:\$Recycle.Bin\S-1-5-21-1337824034-2731376981-3755436523-1000\desktop.ini.tmp

MD5 952313651b5c9eef142c527e8a4707a7
SHA1 01f7dc7a250a6057a7e896d73587cd65b82e4344
SHA256 b400756410ad4ab39b19bf010cd7d2c41d7618fe42e69e653244605f1363c8f6
SHA512 692d998e3ce89ffd6275f4089e7125250e3faa4e7bd3d1ffb9f437dd40984036f90c5bcfe1be89fc6fb490fffe7a05182f7556c72420deee2277fd4b9fba834a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3d63f09dfecefa7ab408eb052ca492fd
SHA1 fdf1f4c5ad12e922bb0f2acb072a7a1a6bf36542
SHA256 d36897aac37bc1e405bc3c76aea438c62b912e1f59674cfe3684b2dd005d5473
SHA512 5fa2882607b3af89c897e059f9930420fc03db6f60d1ff0643a197e39a621bc9fb392de5e9fd4e4355c69d06187ad0b19f142bbdd4c40683b15dc6fa9bda9a67