Analysis Overview
SHA256
54bef597cacf1f5d826f943614e2fe79767c71b33b468d27322dd7fd3950bd63
Threat Level: Likely malicious
The file 182520a708225d28daedd10116406130N.exe was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4648) files with added filename extension
Renames multiple (3228) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-25 06:56
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:58
Platform
win7-20240705-en
Max time kernel
120s
Max time network
17s
Command Line
Signatures
Renames multiple (3228) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe
"C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-25 06:56
Reported
2024-08-25 06:58
Platform
win10v2004-20240802-en
Max time kernel
120s
Max time network
101s
Command Line
Signatures
Renames multiple (4648) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe
"C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"
Network
Files