Malware Analysis Report

2025-01-22 20:13

Sample ID 241016-xw7t1a1cnq
Target 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de
SHA256 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de

Threat Level: Likely malicious

The file 53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (1755) files with added filename extension

Renames multiple (614) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-16 19:13

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral2

Detonation Overview

Submitted

2024-10-16 19:13

Reported

2024-10-16 19:14

Platform

win10v2004-20241007-en

Max time kernel

60s

Max time network

38s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Signatures

Renames multiple (1755) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 150.171.28.10:443 g.bing.com tcp
US 8.8.8.8:53 72.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp

Files

memory/640-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 0ed080c2f81a403df537b89e394a67ba
SHA1 1090f01160108dba0f32b4fbbc114d2742c890f7
SHA256 56756e5a392dc2b61894f9293ec382b966f46b55def494a7ba7d7f316a1fde35
SHA512 d828e05bca1c22a35899393efb78a9f2fd417626039f5569d68e71dc94e39721bc61e2a9a1ffa801ef685402cb5e340cd5c7563fbf05b0ccfeeb27477a129423

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 2f736d578af46aecb20e0ed7f5d6ffea
SHA1 43e85f77cf9d6758fb1ca2271d97a2fc2bf8bd77
SHA256 361e53b914ce6a63da463bfd21cac7e834b8a4601f1d4ee10a1ace22780f625a
SHA512 b36a868f942dec74ee85dec8f1156dc71749d0a9a50179b173bd0793b72367479182a1057d0b9cd7039a5798aa07eb91b86e4ef49c090af07bb814e057cda353

memory/640-656-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-16 19:13

Reported

2024-10-16 19:14

Platform

win7-20240903-en

Max time kernel

60s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Signatures

Renames multiple (614) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description: Key opened
Indicator: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe
Target: N/A

Processes

C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe

"C:\Users\Admin\AppData\Local\Temp\53b8ea548c88789abdd081b85f2df096a9d7145ba495337cb1dbeca4410e20de.exe"

Network

N/A

Files

memory/264-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 b96cf6ee35fe07517be637add704a1b6
SHA1 e4e4b8195920982f4ee1eaaf6335f4d2a51c52da
SHA256 72e1ca3b54902f5a15bdd89fc0fbaab41ffb9903666b3264e822bdedb04c0427
SHA512 f1a4c52a80115282dd7e561c56e41c62fb9b3ee84c662c800bb8629332ded53024ebd6975feea2390905066e73cda19d284f083a2968b007006d673c300f1faa

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 13b913253e1978348d52b64bc4a476c0
SHA1 95921f4221a857ba7ee5fb4d4705faddf51e3570
SHA256 8a506a6a8d6ec6061d194e035b372b583993e72cccf90997312421d676d3aca7
SHA512 aacfb3e234b01a1b2d7d620ccf9ff7091f2cdfc7fb8560e45e58b584f369a76549d02f298988e15a920689dda6d19ac0890595e7b4ab039ad8682d72ff3e1321

memory/264-74-0x0000000000400000-0x000000000040B000-memory.dmp