Malware Analysis Report

2025-01-22 20:16

Sample ID 241019-22cchawfnr
Target 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N
SHA256 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4
Tags
upx discovery ransomware
Score

9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score

9/10

SHA256

24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4

Threat Level: Likely malicious

The file 24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (314) files with added filename extension

Renames multiple (4492) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-19 23:04

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-10-19 23:04

Reported

2024-10-19 23:06

Platform

win7-20241010-en

Max time kernel

120s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Signatures

Renames multiple (314) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Network

N/A

Files

memory/2592-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 57224f6e8a9a4e3c1678ed0869e7b3c2
SHA1 f69b3ee307f72b20b217c7aee8fd6faa18d42bcf
SHA256 a9769897b57a28da2bcffccf42088d22cf4c45320b3a98d442e7d78b505bb553
SHA512 1d33d0d2fe3a012eb30a1d5a121dd500c9e86203c0577cb6774e34c345fae63af7a0b20eb4c1f848b3992d22c55a48d967cba5d2098f08b8ca48ff430ecba712

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 acca7f89671442e37fb707c37f396901
SHA1 706d7562ef906c30eeeba2f42fa4262dfdff252c
SHA256 4a2c6a7d2b647e37c5892c6d4e7fd18f878cb069de1af5764025d82a07ba0678
SHA512 e62527657a6d470bb6a05cd52c2daad7c5c1ffc2a5d1ff1b0e30ef8f359c44078ecd16b112ff230e07eddd63c26d0d513655928c1cb79f872a13fb216d2d1796

memory/2592-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-19 23:04

Reported

2024-10-19 23:06

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

102s

Command Line

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Signatures

Renames multiple (4492) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe

"C:\Users\Admin\AppData\Local\Temp\24b681fdc8e8c0e8e661303df96976b6da6b2ab339878e0a997930b8702d3af4N.exe"

Network


Files

memory/4456-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 36e6be7778b8ac518290676ec274212e
SHA1 fecfe4930b28ac54c5ce3a1f758dbde7eb123128
SHA256 e5cb3ed229e9f6062d3dd6fbc0e0aa09dbde9e46ebd5cf25d2e1ab125315a371
SHA512 7a1e6228427cb9a0ff4cb81381a1076fe1520545e323e21fd5629ece02c6e19dbc3e1f12502893bdb903abd9f838b8580e47c853bc0df83b81d32e4b6c548e5c

C:\Program Files\7-Zip\7-zip.dll.exe

MD5 ce5f30775cb3c8371736ad43ffb15537
SHA1 f6187ccbb7a6a0acfb112b2f1449fa3394c523a0
SHA256 d0b22c0444ae2ff06892d22db627ae9a41e32df0224f3f7d20335802d3e7f409
SHA512 7db7fe70c038bf52c169cf8d14b448a322a9293592fbcf7bf3ea5e460e1b74732e7330524f733f1afe2a82a1d9a1d7be8666e06de8415a08e50aad7503161191

memory/4456-662-0x0000000000400000-0x000000000040B000-memory.dmp