Malware Analysis Report

2025-08-10 20:53

Sample ID 240825-hqmvba1cmb
Target 182520a708225d28daedd10116406130N.exe
SHA256 54bef597cacf1f5d826f943614e2fe79767c71b33b468d27322dd7fd3950bd63
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

54bef597cacf1f5d826f943614e2fe79767c71b33b468d27322dd7fd3950bd63

Threat Level: Likely malicious

The file 182520a708225d28daedd10116406130N.exe was found to be: Likely malicious. Both detonations show the same behaviour: a single process with no child processes, no persistence or injection signatures recorded, no network traffic attributed to the sample, and mass creation of files named <existing file>.tmp across C:\Program Files (3228 on Windows 7, 4648 on Windows 10). That rename-in-place pattern is what the ransomware tag rests on. The report records the file operations, not the content written, so whether the data is actually encrypted is not established here.

Malicious Activity Summary

discovery ransomware

Renames multiple (4648) files with added filename extension (behavioral2, Windows 10)

Renames multiple (3228) files with added filename extension (behavioral1, Windows 7)

Drops file in Program Files directory (every listed path is an existing Program Files file name with .tmp appended)

System Location Discovery: System Language Discovery (reads HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Unsigned PE (static; the absence of an Authenticode signature is weak evidence on its own)

MITRE ATT&CK

Enterprise Matrix V15

Mapping read from the signature names below, which follow ATT&CK technique naming: System Location Discovery: System Language Discovery is T1614.001 (the NLS\Language key open recorded in both runs), and the mass rename with an added extension behind the ransomware tag corresponds to Data Encrypted for Impact, T1486.

Analysis: static1

Detonation Overview

Reported

2024-08-25 06:56

Signatures

Unsigned PE

The sample carries no Authenticode signature. This is a property of the file, not an observed behaviour, so the static run has no indicator rows; on its own it is weak evidence, since plenty of legitimate software is unsigned. The verdict rests on the two behavioral runs.

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-25 06:56

Reported

2024-08-25 06:58

Platform

win7-20240705-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"

Signatures

Renames multiple (3228) files with added filename extension

ransomware

Drops file in Program Files directory

The rows below are the created files the sandbox recorded for this run (Windows 7). Each indicator is an existing Program Files path with .tmp appended, which is the rename pattern counted by the signature above; the process column is the sample itself in every row.

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-uisupport_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-core-io-ui.xml_hidden.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Net.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-settings.xml.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre7\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\intf\http.luac.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_srt_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-4.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\fur\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.IdentityModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Glace_Bay.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-multiview_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-execution.xml.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Creston.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libuleaddvaudio_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core_2.3.0.v20131211-1531.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Sofia.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Cape_Verde.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\7-Zip\Lang\hy.txt.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\.lock.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-icons_222222_256x240.png.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
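The two signatures above are heuristics over file events, not a detection of encryption. The following is an added example of mine, not part of the sandbox report or its tooling: it parses a constructed excerpt of the flattened "File created" rows from this run (eight rows copied from the table above plus the Recycle Bin file from this run's Files section, written in the same layout) and re-derives both checks: one extension appended to almost every created file, with the victims' original extensions still visible in front of it, and the count of files written under Program Files. The thresholds min_files and min_share are assumptions; the sandbox's own cut-offs are not published on this page. The same code applies unchanged to the behavioral2 rows.

```python
"""Re-derive the 'renames multiple files with added filename extension' and
'drops file in Program Files directory' signatures from sandbox
'File created' rows.  Added example; min_files/min_share are assumed
thresholds, not the sandbox's published ones."""
import re
from collections import Counter
from pathlib import PureWindowsPath

# Constructed excerpt: rows copied from the behavioral1 table, in the report's
# flattened "Description Indicator Process Target" layout, plus the Recycle Bin
# file from the run's Files section written in the same layout.
REPORT_EXCERPT = r"""
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libfluidsynth_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\Chess.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre7\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-11.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\7-Zip\License.txt.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\.lastModified.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
"""

# Indicator paths may contain spaces; the process path (drive letter, colon,
# backslash, no spaces) and the trailing target column anchor the split.
ROW_RE = re.compile(
    r"^File created (?P<path>.+?) (?P<process>[A-Za-z]:\\\S+) (?P<target>\S+)$"
)


def parse_created_files(report_text):
    """Return the Indicator path of every 'File created' row."""
    paths = []
    for line in report_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            paths.append(m.group("path"))
    return paths


def appended_extension(paths, min_files=20, min_share=0.9):
    """Detect a single extension appended to (almost) every created file.

    A ransomware that renames in place leaves files whose last suffix is
    constant (here .tmp) while the suffix in front of it is the victim's
    original, diverse extension (.dll, .exe, .jar, ...).  Returns None when
    no extension dominates or too few files are involved."""
    if not paths:
        return None
    last = Counter(PureWindowsPath(p).suffix.lower() for p in paths)
    ext, n = last.most_common(1)[0]
    if not ext or n < min_files or n / len(paths) < min_share:
        return None
    inner = Counter()
    for p in paths:
        if p.lower().endswith(ext):
            original = PureWindowsPath(p[: -len(ext)])
            inner[original.suffix.lower() or "(none)"] += 1
    return {"appended_ext": ext, "files": n, "inner_extensions": inner}


def program_files_drops(paths):
    """Count created files under the Program Files directory (this also
    matches 'Program Files (x86)', which is what the signature wants)."""
    return sum(1 for p in paths if p.lower().startswith(r"c:\program files"))


def analyse(report_text, min_files=20):
    paths = parse_created_files(report_text)
    return {
        "created": len(paths),
        "program_files": program_files_drops(paths),
        "rename": appended_extension(paths, min_files=min_files),
    }


if __name__ == "__main__":
    # The excerpt has nine rows, so lower the assumed threshold for the demo.
    print(analyse(REPORT_EXCERPT, min_files=5))
```

On the nine-row excerpt the appended extension is .tmp with .exe twice, .dll/.jar/.txt/.mui/.ini once each and two names that had no extension at all (GMT-11 and .lastModified); on the full table the default threshold applies.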

System Location Discovery: System Language Discovery

discovery

Only the key open is recorded, not what the sample does with the value. Ransomware commonly reads the install language to skip machines in particular locales, but the report shows no such branch here: both runs went on to rename files.
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe

"C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"

Network

N/A (no traffic captured; the network window for this run was 17 s)

Files

C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

MD5 1842089f89ed69323b3643c281b1f2d3
SHA1 ce13f4b885350a0c657c3ac97c6a84bcc62a504e
SHA256 629421714d05b293e57bab66b608bac7dd37d665fac9f138acb8090b0e6791e5
SHA512 bcdd0b2b3e292cf76056b4660b2dd59f5526ea875b682579ec3f5c4f465667936d3936b61fa03aaa388ce807ae8e7075245a5fca2c27ba3b905574b8c6e30424

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 ab2f8dacd501c6e8883c076997dd28bc
SHA1 3f522e03a5ac17a43ca5de0733f573b78238d0a5
SHA256 4c6168aa0f7fe378a91c5341e9e2e946d8521dbdf33f94cfd7fbbf83f26f34c3
SHA512 0a7b92979929bfb9d3f06cb27f8456b95889e2348552103c1c05edf95f44c6e27254cf4cf5177af12e85fb8c78553c814b37223c437412b2f1af6062887d227e

Analysis: behavioral2

Detonation Overview

Submitted

2024-08-25 06:56

Reported

2024-08-25 06:58

Platform

win10v2004-20240802-en

Max time kernel

120s

Max time network

101s

Command Line

"C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"

Signatures

Renames multiple (4648) files with added filename extension

ransomware

Drops file in Program Files directory

The rows below are the created files the sandbox recorded for this run (Windows 10). Each indicator is an existing Program Files path with .tmp appended, which is the rename pattern counted by the signature above; the process column is the sample itself in every row.

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Numerics.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_KMS_ClientC2R-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Ping.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\javafx\glib.md.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Concurrent.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\webkit.md.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework-SystemData.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Franklin Gothic.xml.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\7-Zip\Lang\cs.txt.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\sunec.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Yellow.xml.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\java.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\word2013bw.dotx.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.WindowsAzure.StorageClient.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\jps.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\wsdetect.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\zh-CN.pak.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunjce_provider.jar.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.TextWriterTraceListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-180.png.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.IsolatedStorage.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Internet Explorer\ieinstal.exe.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\LogoCanary.png.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A

System Location Discovery: System Language Discovery

discovery

As in the Windows 7 run, only the key open is recorded, not what the sample does with the value.
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe

"C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"

Network

None of these rows is attributed to the sample process. The named hosts are Bing endpoints and the in-addr.arpa rows are reverse lookups of addresses, which together is consistent with Windows 10 background traffic rather than command-and-control. The one connection with no recorded name (52.111.227.11:443, shown as -) is the only row worth a second look. Treat the table as sandbox noise unless process attribution says otherwise.

Country  Destination         Domain                         Proto
US       8.8.8.8:53          g.bing.com                     udp
US       150.171.28.10:443   g.bing.com                     tcp
US       8.8.8.8:53          149.220.183.52.in-addr.arpa    udp
US       8.8.8.8:53          172.210.232.199.in-addr.arpa   udp
US       8.8.8.8:53          10.28.171.150.in-addr.arpa     udp
US       8.8.8.8:53          64.159.190.20.in-addr.arpa     udp
US       8.8.8.8:53          95.221.229.192.in-addr.arpa    udp
US       8.8.8.8:53          217.106.137.52.in-addr.arpa    udp
US       8.8.8.8:53          154.239.44.20.in-addr.arpa     udp
US       8.8.8.8:53          183.59.114.20.in-addr.arpa     udp
US       8.8.8.8:53          18.31.95.13.in-addr.arpa       udp
US       8.8.8.8:53          147.142.123.92.in-addr.arpa    udp
US       52.111.227.11:443   -                              tcp
US       8.8.8.8:53          22.236.111.52.in-addr.arpa     udp
US       8.8.8.8:53          tse1.mm.bing.net               udp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       150.171.27.10:443   tse1.mm.bing.net               tcp
US       8.8.8.8:53          57.169.31.20.in-addr.arpa      udp

Files

Dropped files captured from this run. Both are .tmp outputs of the rename pass, so the hashes identify what was written, not the originals. They are not stable indicators for the sample: the desktop.ini.tmp written here hashes differently from the one in the Windows 7 run. Hunt on the sample SHA256 and the rename pattern instead.

C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

MD5 a74e6b3fcf65465b5d4b9b91f18eb939
SHA1 3795c3ce7ef2dd7326048ec1fa658f33b2f0256d
SHA256 d6fdaeff6acd49f4c8518a76b2a193b827953b6cd2db809be06f18b1e1fc4b27
SHA512 a47ecfd1a0b806ebfb9dbd6ec02c721fd5f40e858f212ad4db5f5cc16657a13b06feaae24282d83338fb874d0bfcdee5b78b592f11522174d2281286f1813b60

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 f64e11ed65148d79f9be619a9ef9014a
SHA1 0c314c9db067d3f3738f31d7e6a9d636e901a6b9
SHA256 70ffe6787c7e3b363fc7559efd80621754273cb6c9c9b52421eb4da6f41528dc
SHA512 bafcf1303e5d7bf77ce939a688c7ef53b4ea934f742672b7007644297be90c541b694b623029a4e28f74d498e3cc313348e4aceca1577f869d55b0fe92789b73
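Added example for the host side, not sandbox output: given a mounted volume, find files carrying the appended .tmp suffix whose original is gone (what an in-place rename leaves behind) as opposed to a scratch .tmp sitting next to an intact original, and compare SHA256 values against the dropped-file hashes listed in this report. The directory tree and file contents are constructed placeholders built in a temporary directory; the SHA256 set is copied from the Files sections of the two runs above.

```python
"""Sweep a directory tree for the rename pattern recorded in this report and
for the dropped-file hashes it lists.  Added example; the fixture tree is
constructed here so the sweep runs offline."""
import hashlib
import tempfile
from pathlib import Path

# SHA256 values copied from the Files sections of the two runs.
REPORT_DROPPED_SHA256 = {
    "629421714d05b293e57bab66b608bac7dd37d665fac9f138acb8090b0e6791e5",  # desktop.ini.tmp, win7 run
    "4c6168aa0f7fe378a91c5341e9e2e946d8521dbdf33f94cfd7fbbf83f26f34c3",  # Office64WW.xml.tmp, win7 run
    "d6fdaeff6acd49f4c8518a76b2a193b827953b6cd2db809be06f18b1e1fc4b27",  # desktop.ini.tmp, win10 run
    "70ffe6787c7e3b363fc7559efd80621754273cb6c9c9b52421eb4da6f41528dc",  # 7-zip.dll.tmp, win10 run
}


def sha256_of(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, appended_ext=".tmp", ioc_sha256=frozenset()):
    """Classify every file ending in appended_ext under root.

    renamed:    the name without the suffix no longer exists beside it,
                which is what an in-place rename leaves behind
    coexisting: the original is still there (normal for installers and
                editors that write foo.tmp next to foo)
    ioc_hits:   (path, sha256) for files whose digest is in ioc_sha256"""
    found = {"renamed": [], "coexisting": [], "ioc_hits": []}
    root = Path(root)
    for p in sorted(root.rglob("*" + appended_ext)):
        if not p.is_file() or len(p.name) <= len(appended_ext):
            continue
        original = p.with_name(p.name[: -len(appended_ext)])
        rel = p.relative_to(root).as_posix()
        found["renamed" if not original.exists() else "coexisting"].append(rel)
        digest = sha256_of(p)
        if digest in ioc_sha256:
            found["ioc_hits"].append((rel, digest))
    return found


def make_fixture():
    """Constructed tree mimicking the report's artefacts; contents are
    placeholders, not the real written data.  Left on disk for inspection."""
    root = Path(tempfile.mkdtemp(prefix="ransom-sweep-"))
    files = {
        "Program Files/7-Zip/7-zip.dll.tmp": b"placeholder for renamed 7-zip.dll",
        "Program Files/7-Zip/Lang/cs.txt.tmp": b"placeholder for renamed cs.txt",
        "Users/Admin/Documents/report.docx": b"untouched document",
        "Users/Admin/Documents/report.docx.tmp": b"editor scratch copy",
    }
    for rel, data in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    return root


if __name__ == "__main__":
    root = make_fixture()
    # The report's hashes will not match placeholder content; add the digest
    # of one fixture file to show what a hit looks like.
    ioc = REPORT_DROPPED_SHA256 | {sha256_of(root / "Program Files/7-Zip/7-zip.dll.tmp")}
    print(sweep(root, ioc_sha256=ioc))
```

The renamed/coexisting split is the useful signal; hash matches against the report's dropped files are a bonus at best, since those values differ between the two sandbox runs.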