Malware Analysis Report

2025-03-15 08:09

Sample ID 241016-njtxya1apj
Target e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N
SHA256 e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81
Tags
discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81

Threat Level: Likely malicious

The file e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (5118) files with added filename extension

Renames multiple (3827) files with added filename extension

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 11:26

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 11:26

Reported

2024-10-16 11:28

Platform

win7-20240729-en

Max time kernel

150s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe"

Signatures

Renames multiple (3827) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe

"C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

MD5 b00d4238100d270493a90c8a0e51ae0f
SHA1 955ede342e2afdbf6b8b28ba3e45c6e424fbe477
SHA256 f8c8df5e7f2b5cfe5396c92dbeac932b885121bcca8dd40baf9147b8187b7d23
SHA512 00502c763b92f81bcf3786b2429aa783a3375b6c167471c17678b7ea334c48280468b39d9baae7c1681a77e0673acddfb1a54968e46bbc9ab4613f2af53d5908

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 6f2da4419d8446238596727a729c181e
SHA1 35f174d87b35014b3d20a1ed655a128bfb784393
SHA256 87d2f4818e119d9d9f33ee0520ad94676159fc337c304f57153ef271b3e1df5d
SHA512 90f49f820e7976b242926ba1aa9da2023c58c293c2996e8c6d2d593f14be296b8e0f977bca6c6adb247527b1c83fc80fc8eb1cca532e3731abea74f8a94e6fb5

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 11:26

Reported

2024-10-16 11:28

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe"

Signatures

Renames multiple (5118) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe

"C:\Users\Admin\AppData\Local\Temp\e7173a5d664eab57da7b2a76d03ac3ef700135d45b499b2b3bd7badb86157f81N.exe"

Network

Country Destination Domain Proto

Files

C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

MD5 6b626f63cf79bf8b5120aa1a50113430
SHA1 f3bcb6b5e09875b03a4c11ecc1badd66a73637d7
SHA256 2313e2b2a37f8e79406fe3a41e02876bf5aaf0c1e9eaf2220668cdcf1b51e57b
SHA512 332f744231028a33c8144c731f03d67d02e90650545251a38349bab7198a86f08e609f9b847a96187e6aceeddd2c9b5dfb40e96bff48275f0f36a13e2acc2ea3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e11dbd705f1b2905d28e574bbbaa2f54
SHA1 65e7966d45aa7b8fe74bd698e47e75b89e9422a4
SHA256 705a1d1e04142a2c0dec1dd5070dda5e9ae472ab185c876af020ebb8cae3f7d9
SHA512 853e3b464e85828f87e284d478b5c1ffdc43e11bd3b791437c369a23b13aa1e2884048e9ce759ab97f8d8fa035571bd3c2c1b971aa1dd6e9a1ff421ca620eb20