Malware Analysis Report

2025-01-22 20:31

Sample ID: 241019-31z8lsyflm
Target: 93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb
SHA256: 93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb
Tags: discovery ransomware
Score: 6/10


Analysis Overview

Score: 6/10

SHA256: 93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb

Threat Level: Shows suspicious behavior

The file 93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb was found to be: Shows suspicious behavior.

Malicious Activity Summary

Tags: discovery ransomware

Enumerates connected drives

Sets desktop wallpaper using registry

Drops file in Program Files directory

Drops file in Windows directory

Unsigned PE

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Modifies Internet Explorer settings

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported: 2024-10-19 23:59

Signatures

Unsigned PE

Description | Indicator | Process | Target
N/A | N/A | N/A | N/A

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-19 23:59

Reported: 2024-10-20 00:02

Platform: win7-20240903-en

Max time kernel: 117s

Max time network: 117s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe"

Signatures

Sets desktop wallpaper using registry

Tags: ransomware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\TranscodedWallpaper.jpg" | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCXD8FD.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Windows Defender\MpCmdRun.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Mail\wabmig.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\RCXDAAE.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Defender\MpCmdRun.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Defender\MSASCui.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpconfig.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Internet Explorer\iexplore.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jre7\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\RCXDAC1.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCXD7F2.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\Office14\RCXD9E9.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Windows Media Player\wmlaunch.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Windows Media Player\wmprph.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\7-Zip\RCXD72D.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Microsoft Games\Chess\Chess.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpnetwk.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpnetwk.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\DVD Maker\DVDMaker.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Media Player\wmprph.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\mip.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jabswitch.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Defender\MpCmdRun.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Media Player\setup_wm.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Windows Media Player\wmpnetwk.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCXD88B.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\RCXDA6B.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\uninstall.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Windows Mail\wab.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCXD7B1.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCXD819.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Microsoft Games\Chess\Chess.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows NT\Accessories\wordpad.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jre7\bin\java-rmi.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Mozilla Firefox\default-browser-agent.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCXD7E1.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCXD7F7.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Media Player\wmpenc.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\ink\mip.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Windows Journal\Journal.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jre7\bin\jabswitch.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Windows Journal\Journal.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCXD93F.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ielowutil.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A

Drops file in Windows directory

Description | Indicator | Process | Target
File created | C:\windows\readme.1xt | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\windows\WallPapers.jpg | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Tags: discovery

Description | Indicator | Process | Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A

Modifies Internet Explorer settings

Tags: adware spyware

Description | Indicator | Process | Target
Key created | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Desktop\General | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg" | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe

"C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe"

Network

N/A

Files


Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-19 23:59

Reported: 2024-10-20 00:02

Platform: win10v2004-20241007-en

Max time kernel: 148s

Max time network: 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe"

Signatures

Sets desktop wallpaper using registry

Tags: ransomware

Description | Indicator | Process | Target
Set value (str) | \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\Desktop\Wallpaper = "C:\\windows\\WallPapers.jpg" | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A

Drops file in Program Files directory

Description | Indicator | Process | Target
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX843A.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7zFM.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\createdump.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\extcheck.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\RCX849E.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCX8543.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\RCX860C.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\appletviewer.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCX8530.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\RCX8553.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\default-browser-agent.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\7-Zip\7z.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome_proxy.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Internet Explorer\ExtExport.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Mozilla Firefox\default-browser-agent.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\helper.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\RCX86EA.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jdk-1.8\bin\RCX8661.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\jabswitch.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Microsoft Office\Office16\OSPPREARM.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Mozilla Firefox\crashreporter.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\uninstall\RCX86FC.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\dotnet\RCX848D.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Internet Explorer\iediagcmd.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\ieinstal.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jdk-1.8\bin\extcheck.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Java\jre-1.8\bin\java-rmi.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Microsoft Office\Office16\OSPPREARM.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\RCX85B9.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Internet Explorer\iexplore.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\java-rmi.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Mozilla Firefox\RCX86D7.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Java\jre-1.8\bin\RCX86C4.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\7-Zip\RCX83F6.tmp | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File created | C:\Program Files\Google\Chrome\Application\chrome.exe | C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe | N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX851E.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX8542.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX852F.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\RCX85CA.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ExtExport.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\RCX8660.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX8554.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\RCX8584.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File opened for modification C:\Program Files\Java\jre-1.8\bin\RCX86B2.tmp C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.cab C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\windows\readme.1xt C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
File created C:\windows\WallPapers.jpg C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Software\Microsoft\Internet Explorer\Desktop\General C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\WallpaperSource = "C:\\windows\\WallPapers.jpg" C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe

"C:\Users\Admin\AppData\Local\Temp\93c81d454adb6c7a372b3ea03d0d9e4b6e345a6b4a78b5fc84356ae7ce9228bb.exe"

Network


Files
