Malware Analysis Report

2024-10-18 21:36

Sample ID 240625-v25wgswcjj
Target dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.7z
SHA256 4d3d315c87af193af02eb5489fa7228b9ecc3aef75464325acc38a9a8c232b02
Tags
play ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

4d3d315c87af193af02eb5489fa7228b9ecc3aef75464325acc38a9a8c232b02

Threat Level: Known bad

The file dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.7z was found to be: Known bad.

Malicious Activity Summary

play ransomware

PLAY Ransomware, PlayCrypt

Renames multiple (742) files with added filename extension

Renames multiple (2463) files with added filename extension

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in Program Files directory

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-06-25 17:30

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 17:30

Reported

2024-06-25 17:30

Platform

win7-20240611-en

Max time kernel

35s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (2463) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.util_1.0.500.v20130404-1337.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\mix.gif C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_ja.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Yekaterinburg C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Asuncion C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-coredump_ja.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Argentina\San_Juan C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Galapagos C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\Parity.fx C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-5 C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Qatar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Panama C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msado27.tlb C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Pacific\Marquesas C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.nl_zh_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\security\US_export_policy.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Noronha C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-sampler.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\security\local_policy.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\gimap.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-jmx.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\MET C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Inuvik C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_zh_4.4.0.v20140623020002.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-attach_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rcp.intro.zh_CN_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\flavormap.properties C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Mazatlan C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\toc.gif C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe

"C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe"

Network

N/A

Files

memory/1208-0-0x0000000000210000-0x000000000023C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1340930862-1405011213-2821322012-1000\desktop.ini

MD5 b2db9caad8ece44e57a8378a2f78be2e
SHA1 e37cb20c4ebda0a92feb9293a2965073d761c9d4
SHA256 182a12353e93b638a47afae9cb42970b6c6dd0fc76ea896c38d2e05c81de84cd
SHA512 f98a0afe3a8bcf3fe6d0c5abfc65b87ef2ecded43558706e0351b82863c7c1cf646576e3b76ba36eac41f47f09870d6cc4371d98493259196f6378745a39b4c6

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-25 17:30

Reported

2024-06-25 17:30

Platform

win10v2004-20240508-en

Max time kernel

25s

Max time network

33s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (742) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\zh-cn.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\relaxngom.md C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\jfxrt.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\adojavas.inc C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\kn.pak C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\az.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\icu.md C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Grunge Texture.eftx C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\FormatTrace.wdp C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\cmm\PYCC.pf C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\jopt-simple.md C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\sunjce_provider.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\accessibility.properties C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\msadomd28.tlb C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\LockRemove.jpg C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Orange Red.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\tzdb.dat C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\fonts\LucidaTypewriterBold.ttf C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\fonts\LucidaBrightRegular.ttf C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\tk.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\javafx\glib.md C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\it-IT\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\javacpl.cpl C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_LinkDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\ku.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\si.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\7-Zip\readme.txt C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\110.0.5481.104\Locales\nl.pak C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\jce.jar C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe

"C:\Users\Admin\AppData\Local\Temp\dcaf62ee4637397b2aaa73dbe41cfb514c71565f1d4770944c9b678cd2545087.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp

Files

memory/392-0-0x0000000000C40000-0x0000000000C6C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2539840389-1261165778-1087677076-1000\desktop.ini

MD5 ba00e5f444c0afce93d8f9ff9c5650bd
SHA1 204973a77f1a7b6abdbdf1429df2f7a360389cc8
SHA256 9aa974cb5c57107227b952f528395fa2bbe6012b6fb9f4d560ae9a2654990ee5
SHA512 13c1bfd5be8c2a1aecae3b1eea4e94eedbbdaefb3045ca8c170a0537bf91f0765d18309ecfcabdea2adc2b9f706713a434d88f8000b99dfae27eac7642faf3ca