Malware Analysis Report

2025-01-22 20:13

Sample ID: 241016-xwl8as1clm
Target: fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN
SHA256: fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58ba
Tags: upx discovery ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10

SHA256: fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58ba

Threat Level: Likely malicious

The file fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3233) files with added filename extension

Renames multiple (4652) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported: 2024-10-16 19:12

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-16 19:12
Reported: 2024-10-16 19:14
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe"

Signatures

Renames multiple (3233) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe

"C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe"

Network

N/A

Files

memory/276-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

MD5 10ff41fbc59539e9c1868cbfbfeb08f8
SHA1 4a9ccad1de65a3adfcada3ab82dfbe79de2a0260
SHA256 76690e04d762554851bd7d7153c32f8c4b0c0bd818006fd64dde6ad7aa6bf30a
SHA512 29404c77869b4abadfb44d98f1e480d36c606dff37fce8a805c66260fcdad106a2975aec4a60b6486ebfb031758c0aae931150e641fe8e6717c3d3f43a5803ab

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 0c9061c6b74ea2ea360813efc8423fcc
SHA1 c67f43acbe66b74fd837999401de0bf0c1ee7551
SHA256 939b4dde60c7bdc8f7289d067be826ef3c592074cdf7a55310ce8f176f9c56ee
SHA512 0c9cf27062974db817a60cdde6e59233a8bdd378dbf5d9440c6d6b8560abffc78782a433b78ee8d7be98bd1696fab71e4e41e87f1fc75d838292717efec90745

memory/276-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-16 19:12
Reported: 2024-10-16 19:14
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe"

Signatures

Renames multiple (4652) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe

"C:\Users\Admin\AppData\Local\Temp\fa9f5c38fc05b57dd4a9220633b4a1301bbd8025c36dd41f2241934420cb58baN.exe"

Network


Files

memory/1420-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

MD5 909128db2bc823cc3c9ebc1dfa38fa20
SHA1 fba4376a98517e3bae2e9ed8f9e1bc592f3ecef0
SHA256 6510d81ed957f696b2e9e7960584389b2ad27c934838aadb974e0801559e165f
SHA512 15e818e5bb3036a586e00e8553288e6c3e63f90a8fb826b31268c7aff8d3d2d8243773c24dc428c9f32ec9166f09dd524328f6b5e82c37c22e1197695cfa40a8

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 896444768fa7d9aa569bd3d145b28b70
SHA1 c46b004689dc08939a4163c9e56deea264c29973
SHA256 9066d48691d06696048fb70b11b1898fdae30660edae97b8bf5affe54f1a16c4
SHA512 2b3e266c63a2fb8ad99351283402e6118321ca88a5cc3ebe7956c35b9ceeb87a42281c5f6a452b51f1fc4df4d1b17365151d73aeabc38ea067e1cbfc4a2f13a0

memory/1420-672-0x0000000000400000-0x000000000040A000-memory.dmp