Malware Analysis Report

2024-10-18 21:36

Sample ID 240727-bp25aazhmf
Target 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe
SHA256 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545
Tags
play ransomware discovery
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545

Threat Level: Known bad

The file 3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe was found to be: Known bad.

Malicious Activity Summary

play ransomware discovery

PLAY Ransomware, PlayCrypt

Renames multiple (3466) files with added filename extension

Renames multiple (1232) files with added filename extension

Drops desktop.ini file(s)

Enumerates connected drives

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-27 01:20

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-27 01:20

Reported

2024-07-27 01:24

Platform

win7-20240705-en

Max time kernel

77s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (3466) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\FreeCell\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Hearts\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Solitaire\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\2.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Purble Place\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows NT\Accessories\de-DE\wordpad.exe.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\MergeSet.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\manifest.json C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\en_GB\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.http.jetty_3.0.200.v20131021-1843.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\content-types.properties C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\kk\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_s.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waning-crescent.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\MSOSV.DLL C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Belize C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Atlantic\Madeira C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Montreal C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt_0.11.101.v20140818-1343.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winXPBlue.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Seoul C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_s.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\de-DE\gadget.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\library.js C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\America\Menominee C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Asia\Ust-Nera C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\id\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\pt_PT\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-lib-profiler-ui.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner_h.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SLATE\PREVIEW.GIF C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\BRANDING.DLL C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\WATER\WATER.ELM C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtau C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\zi\Europe\Gibraltar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-editor-mimelookup.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\icon.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre7\lib\ext\sunjce_provider.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\VideoLAN\VLC\locale\lv\LC_MESSAGES\vlc.mo C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEWSTR.DLL C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.felix.gogo.runtime_0.10.0.v201209301036.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_zh_CN.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Groove.en-us\SETUP.XML C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\ESEN\MSB1ESEN.ITS C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe

"C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

Network

N/A

Files

memory/1760-0-0x0000000000290000-0x00000000002BC000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini

MD5 567f35c849b7a7a0a69a7f3cf61ac504
SHA1 c9b4ac91f57de9afb6b9699fd45adcf145d2c3b7
SHA256 7335d3e87a952bbb0e96e81abbdfa3c967713cc4a14e54f4d0881ce6b3e0cdbe
SHA512 56358180bb625f9edc9b0c9c667fac94fdeb2293493b9d0c59e41a110169ba9f50951b0041380036b7fce6acfc51ab66890cafd205220f48395bc3d0222573bf

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-27 01:20

Reported

2024-07-27 01:24

Platform

win10v2004-20240709-en

Max time kernel

70s

Max time network

155s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe"

Signatures

PLAY Ransomware, PlayCrypt

ransomware play

Renames multiple (1232) files with added filename extension

ransomware

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\U: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\Z: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\B: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\I: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\M: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\S: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\T: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\X: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\K: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\O: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\R: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\J: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\L: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\N: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\Q: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\V: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\A: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\G: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\H: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\W: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\Y: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\E: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened (read-only) \??\P: C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\7-Zip\Lang\ast.txt C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\management\jmxremote.access C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\c2rpridslicensefiles_auto.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.106\VisualElements\LogoCanary.png C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\mesa3d.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\fre\StartMenu_Win10.mp4 C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Subtle Solids.eftx C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\bn.txt C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Microsoft.NETCore.App.deps.json C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\jdk\cldr.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\invalid32x32.gif C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_CopyDrop32x32.gif C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\[email protected] C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\lv.pak C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\InitializeComplete.easmx C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\legal\jdk\giflib.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp3-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.106\Locales\en-US.pak C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.106\vk_swiftshader_icd.json C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\cmm\GRAY.pf C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\ext\cldrdata.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\javafx\gstreamer.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\charsets.jar C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\7-Zip\Lang\is.txt C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\deploy\messages_de.properties C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Garamond.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-pl.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\lib\psfontj2d.properties C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Riblet.eftx C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Licenses16\MondoR_BypassTrial180-ul-oob.xrm-ms C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe

"C:\Users\Admin\AppData\Local\Temp\3f943430b49481aca6f57051ed0ced1a08038373f063afdd2423d8d72b19b545.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
US 8.8.8.8:53 140.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 147.142.123.92.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 170.117.168.52.in-addr.arpa udp

Files

memory/1520-0-0x0000000002440000-0x000000000246C000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1705699165-553239100-4129523827-1000\desktop.ini

MD5 37dd2ce6a9351dc551f1899b45f0d8b0
SHA1 d770039f0c92ef1c9ab3a01c62413e54c9494094
SHA256 8d81cccdfb6a98908a90d928f102a17d4d05744a7e9d47fdbc7b2860dd5596d5
SHA512 ceab602d0b345cf5f27821ec67530926047acea976432deb2b0b381913cb86227dbd7cbf2c5c810cc5eb94d949e0dcf71bec3d3432b74700a7944960b49550d7