Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-gysj4awfqd
Target dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e
SHA256 dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e

Threat Level: Likely malicious

The file dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3784) files with added filename extension

Renames multiple (5037) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

Analysis: static1

Detonation Overview

Reported

2024-10-16 06:13

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 06:13

Reported

2024-10-16 06:15

Platform

win7-20240708-en

Max time kernel

149s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe"

Signatures

Renames multiple (3784) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Chisinau.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_udp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-bootstrap.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-masterfs-nio2.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Mail\oeimport.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-threaddump.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\weather.html.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\MST7.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\js\highDpiImageSwap.js.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\7-Zip\Lang\sq.txt.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\Microsoft.Build.Conversion.v3.5.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\can32.clx.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-common_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Media Player\de-DE\wmpnscfg.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_s.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_snow.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\kinit.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Kerguelen.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libvhs_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\visualization\libvisual_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\logo.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Linguistics\Providers\Proximity\11.00\brt04.hsp.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Rome.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\currency.html.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\search_background.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\ReadMe.htm.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chicago.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.sun.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\bin\jli.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\lib\management\management.properties.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Bogota.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Defender\MpSvc.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\cpu.js.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-docked.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\XDPFile_8.ico.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\WaitUnlock.DVR-MS.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-loaders.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe

"C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe"

Network

N/A

Files

memory/2416-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 f87c71e6d9f1f0b323be12d99ddcffc1
SHA1 1b2553a895b06a8d03849c171a84f54793b812b7
SHA256 4bfa4d3c8a81e86d2582c5c02660d8b7623660a77f56c3f13530e0b94109abd3
SHA512 12d0f80c52d5190a8df5123430cb156de596096c205c28de0f452e0494d94c42a32d25af582a9b04bbb8de7956df2a7798dd0751d0e580d70422c343f8c1c0d2

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a05b9c083ce10fef3366f1bbefe34ee5
SHA1 4405c95dec42b187da7ab80e2b474eabcd6a7f2a
SHA256 ce8b143c4a486e96e7f4d37a8d6037e981a1037dca2f2712213e5871807bfd3d
SHA512 e1cf7bb5e4d572e6ae51b5e62c5844f1de9f9332329d59ca72f56a7233211c43daea8ecb88a3380618d5579f8c43785d9c0ceea158b28be3fe08df134265f8e3

memory/2416-71-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 06:13

Reported

2024-10-16 06:15

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

123s

Command Line

"C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe"

Signatures

Renames multiple (5037) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7cm_en.dub.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.InteropServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Resources.Writer.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessVDI2019_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_SubTrial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\cryptix.md.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NameResolution.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javac.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Office 2007 - 2010.eftx.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\WINWORD.VisualElementsManifest.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Wordcnv.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-locale-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.ReportingServices.QueryDesigners.Extensions.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\java.policy.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\psfont.properties.ja.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\MSOSEC.XML.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 8.0.2 (x64).swidtag.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Serialization.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL097.XML.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.HttpListener.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Library\Analysis\PROCDB.XLAM.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.WebSockets.Client.dll.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe

"C:\Users\Admin\AppData\Local\Temp\dd853aa5bbc68a4acd71309a0298e22c536763b0b75b0697b5eea77d695ece9e.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 88.156.103.20.in-addr.arpa udp
US 8.8.8.8:53 133.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 57.169.31.20.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp

Files

memory/3456-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 d0d73c6a78c652599fa7d9d10a067117
SHA1 8d5c2a10c0e12249db86ce3bb1d948b4848f759c
SHA256 cdf8000b8aae5353918ab0381158487060e27def346bc9ee9b1f3a5a5f622fa0
SHA512 30832169e51ac5baa46d6962f4ca009144d2e0df007ccbd82ebd1690e8e015e05087af06a6c50d4bc7da49cc6973db8f28b03a1777e126afe11bf8c5655e7e21

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3f7d9e215f404936edc922a9fbf7cef0
SHA1 4b60bb820b07b7586a7ecadc029c927da34d38d5
SHA256 df028df7889e1370795be0e7f10f7e3665687949a97f921605c403a8c6e6554a
SHA512 938a9d715fb8b0dbc7d9c7f5ac1bf73a4df0be15166e18dc354dd6c909e27efc727a83df60d67807d09ce1c0e2355746de5b43fcce2a17bbb3236978e9d78d85

memory/3456-778-0x0000000000400000-0x000000000040A000-memory.dmp