Malware Analysis Report

2025-03-15 08:18

Sample ID 241016-gc5mjazcjl
Target 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N
SHA256 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
  Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score: 9/10

SHA256: 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8

Threat Level: Likely malicious

The file 7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3692) files with added filename extension

Renames multiple (5029) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 05:40

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 05:40
Reported: 2024-10-16 05:43
Platform: win7-20240903-en
Max time kernel: 149s
Max time network: 123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Signatures

Renames multiple (3692) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Network

N/A

Files

memory/1984-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 39baec163499e74bb1e2b66a1daff0fb
SHA1 b53fed00513ba20ccc40cababbd39c26e1695835
SHA256 90ab576023489452ec2d3d7dce466eefa34ce813865803c0775547e3136f80a8
SHA512 d6d35350e94218e658e8f9908ae296db9bc9a3ec59c9f60af43fe8543efe6786e87342847ee713ecf4a0291915cf431f47bb439dcf4b876c3512db486ddaf822

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 fba35a2967d60ae3aea138bba95ba649
SHA1 1ee4b8f95b3a8f310a6cb2066d4be8c4c8b3a1b4
SHA256 4727a45966075e53f3931d8a88ee45da079780d40ac824d19ba5c95bfd6507da
SHA512 a0123619fda329dbbd678a4c71bb56b4325e06a7b141d43b09428e9950731b3fb5f58155f84c2b1a2c41e5f7704b1505c1f92388eb2dad88c5d8e1db176330d7

memory/1984-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 05:40
Reported: 2024-10-16 05:43
Platform: win10v2004-20241007-en
Max time kernel: 149s
Max time network: 124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Signatures

Renames multiple (5029) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe

"C:\Users\Admin\AppData\Local\Temp\7e273cd14a3e9324224eab4f481d8ae9baaf3785809981c390bd317d6d94d1a8N.exe"

Network

Country Destination Domain Proto

Files

memory/2940-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 397a3689d18ac1b617107e01247b326f
SHA1 c4ad37b8277f087fcb4b992350f740c3b4337027
SHA256 3cbb8c13b51a2817c6cbf3ca5893ed5070a6bc781884ac8b5939fce5efe1e8b5
SHA512 c525c2e14d1ed4d9b0ba7a22b932a696a03eb407f22f857a7f89123aeb2fe31265a838d9f5b17c4096b5f8e7d7ced2769e84d3b94bb37e3ddc0a7b8ff8250007

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 22bda507973e43ba342772fd59beef6d
SHA1 e33df83566075111b2aa375035aecebc762e5480
SHA256 765a0f4aeb047fe111cffb297d046ed644e2fd750b5d6df61949b860782a18f0
SHA512 4344f189bf4011f9d65a574cb6f8c20e1876fbe0c43caed7a7bac35e5c65da098e20528c4056ffa4db5fe40beaba9bdd96577c707daa628a0246065df23b7772

memory/2940-670-0x0000000000400000-0x000000000040B000-memory.dmp