Malware Analysis Report

2025-03-15 08:13

Sample ID 241016-jcbesszakh
Target 3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N
SHA256 3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569
Tags upx discovery ransomware
Score 9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score 9/10

SHA256

3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569

Threat Level: Likely malicious

The file 3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3236) files with added filename extension

Renames multiple (4655) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 07:30

Signatures

UPX packed file

upx

Unsigned PE

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 07:30

Reported

2024-10-16 07:33

Platform

win7-20241010-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe"

Signatures

Renames multiple (3236) files with added filename extension

ransomware

UPX packed file

upx
Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe

"C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe"

Network

N/A

Files

memory/1944-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

MD5 afad28f39d76110c5e900e14666d9349
SHA1 3b68f84b3527d3e8b5fea2769a7fa2917f0d99a0
SHA256 f9c163d28afafdcf4484a22d97e2ab13c1483cc59ee20480f06909a7116693a0
SHA512 60fe86062dae008ddf106227848562631bda67e0197acd4ad07db7a4e385d8f9735cd8f637fae2fa8a6b9c612712764a734028dca53a9d8df0cd02c4412123b3

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 032b53d5f89d28dfa4d876351c17203d
SHA1 1ebf912401bd6ea8862396494dc4ce22bdef61a3
SHA256 ba8bc4d59240e21db06bc2fb14c3e397fe5ef19033bb41cf823e7219ab59f75e
SHA512 216774768a1a77eae7583b080330b85e9439fd27c4bbab46267eef851d4c157a8d54fef14edaea6e04fc84189014a5ec7c91180b1db06449dede3d4b3c1f13fd

memory/1944-71-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 07:30

Reported

2024-10-16 07:33

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe"

Signatures

Renames multiple (4655) files with added filename extension

ransomware

UPX packed file

upx
Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe

"C:\Users\Admin\AppData\Local\Temp\3fe103f450f012906bc1f4a747fea9e2b33ad1b10910c6185c93010d1ed79569N.exe"

Network

Files

memory/4452-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 0a5c83a396cd0b3a1acace5bb7acf659
SHA1 11667fd95da981313b1ea9083ef60cb33d804d8f
SHA256 315f898bb77d659867e8b1dea64c2d7935307bd2607eb9f767f65d8f9a2c507c
SHA512 f8100b0b6583688cd92a4750aa0a4d15784e3eff932b11e0ceacea02430b4f8cbf3c39d73484be3d957b7c0a3a591aa3529d8ff62b5fe21925e1238f5d625767

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e260fe01b39cfa76df1ad6cb8f23a554
SHA1 c8d6b9cd6c12f957d9537fc43936ba18938fc993
SHA256 1d1cc23fd491ecfc25ed74c67c93b43dc375010f8d287247094def2c0ba65fab
SHA512 6ecee261983039c647dd096ca7c866ef1b72c9f533af6bdbe0979e61abf6985e011c32d5685f19694c2f86b93887c8d36e71eb12e089f043f1c5c7e266c210c8

memory/4452-783-0x0000000000400000-0x000000000040A000-memory.dmp