Analysis Overview
SHA256
a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379
Threat Level: Likely malicious
The file a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (305) files with added filename extension (behavioral1, win7-20241010-en)
Renames multiple (4577) files with added filename extension (behavioral2, win10v2004-20241007-en)
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 00:12
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 00:12
Reported
2024-10-20 00:15
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
104s
Command Line
Signatures
Renames multiple (4577) files with added filename extension
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PowerPointR_Retail-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_MAK-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_Grace-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemData.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.Design.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-ul.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Trial-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\PresentationFramework.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\awt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp4-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-multibyte-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Emit.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_MAK-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Resources.ResourceManager.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxcompiler.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.ComponentModel.Annotations.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\sunec.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\plugin2\vcruntime140_1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Web.HttpUtility.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.VisualBasic.Core.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationCore.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogoSmall.contrast-black_scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\mr.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_OEM_Perp-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\hwrdeush.dat.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-processenvironment-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Handles.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Input.Manipulations.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProPlusMSDNR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_SubTest-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\accessibility.properties.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.TypeExtensions.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Printing.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-conio-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\wpfgfx_cor3.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\sv.pak.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\dtplugin\deployJava1.dll.tmp | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
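The three behavioral signatures above are the sandbox's verdict, not its reasoning. The added helper below (example code, not part of the report or the sandbox) re-derives them from indicator rows of the same shape, so the logic is explicit and the thresholds can be tuned: a "File created" whose last suffix is stacked on an existing extension (GFX.DLL.tmp, zh-tw.txt.tmp) counts as an appended-extension rename, rows under C:\Program Files count as Program Files drops, and an opened key ending in \Control\NLS\Language is mapped to the language-discovery signature. The row list is a constructed excerpt of the table above; min_files and min_dirs are assumed cut-offs for this example, since the page does not publish the sandbox's own.

```python
"""Added triage helper (not part of the sandbox report): re-derives the
"renames multiple files with added filename extension", "drops file in
Program Files" and "System Language Discovery" signatures from indicator rows."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed excerpt of the behavioral2 indicator table (the full table has
# 4577 file rows). Each tuple is (Description, Indicator).
ROWS = [
    ("File created", r"C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Input.Manipulations.resources.dll.tmp"),
    ("File created", r"C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail3-ul-phn.xrm-ms.tmp"),
    ("File created", r"C:\Program Files\Microsoft Office\root\Office16\GFX.DLL.tmp"),
    ("File created", r"C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md.tmp"),
    ("File created", r"C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.tmp"),
    ("File created", r"C:\Program Files\7-Zip\Lang\zh-tw.txt.tmp"),
    ("File created", r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\dxcompiler.dll.tmp"),
    ("File created", r"C:\Program Files\Java\jre-1.8\bin\jabswitch.exe.tmp"),
    ("File created", r"C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp"),
    ("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
]

# Registry path suffixes whose opening maps to ATT&CK T1614.001 (lower-cased).
LOCALE_KEY_SUFFIXES = (r"\control\nls\language",)


def appended_extension(path):
    """If the last suffix is stacked on an existing one ('GFX.DLL.tmp'),
    return (original_name, added_suffix); otherwise None.
    'foo.tmp' alone does not count: nothing was appended to a prior name."""
    name = PureWindowsPath(path).name
    suffixes = PureWindowsPath(name).suffixes
    if len(suffixes) < 2:
        return None
    added = suffixes[-1]
    return name[: -len(added)], added.lower()


def product_dir(path, depth=3):
    """'C:\\Program Files\\Java\\jre-1.8\\bin\\x.dll' -> 'C:\\Program Files\\Java'."""
    parts = PureWindowsPath(path).parts
    return str(PureWindowsPath(*parts[:depth]))


def triage(rows, min_files=5, min_dirs=3):
    """Summarise the evidence behind the three behavioral signatures.
    min_files/min_dirs are assumed thresholds for this example."""
    per_ext = Counter()
    dirs = defaultdict(set)
    program_files = 0
    locale_keys = []
    for desc, indicator in rows:
        if desc == "File created":
            if indicator.lower().startswith(r"c:\program files"):
                program_files += 1
            hit = appended_extension(indicator)
            if hit:
                per_ext[hit[1]] += 1
                dirs[hit[1]].add(product_dir(indicator))
        elif desc == "Key opened":
            if indicator.lower().endswith(LOCALE_KEY_SUFFIXES):
                locale_keys.append(indicator)
    ext, count = per_ext.most_common(1)[0] if per_ext else (None, 0)
    # Mass rename = one dominant appended suffix across several product trees.
    mass_rename = count >= min_files and len(dirs[ext]) >= min_dirs
    signatures = []
    if mass_rename:
        signatures.append(f"Renames multiple ({count}) files with added filename extension")
    if program_files:
        signatures.append("Drops file in Program Files directory")
    if locale_keys:
        signatures.append("System Location Discovery: System Language Discovery")
    return {
        "appended_ext": ext,
        "count": count,
        "dirs": sorted(dirs[ext]) if ext else [],
        "program_files": program_files,
        "mass_rename": mass_rename,
        "language_discovery": bool(locale_keys),
        "signatures": signatures,
    }


if __name__ == "__main__":
    result = triage(ROWS)
    for sig in result["signatures"]:
        print(sig)
    print("affected product directories:", *result["dirs"], sep="\n  ")
```

Two caveats a reviewer of this report should keep in mind. An appended .tmp next to the original is also how installers stage an update before renaming it over the original, so "File created" rows alone do not say whether the original content was replaced; the Files section further down hashes several of the .tmp files (7-zip.dll.tmp, desktop.ini.tmp), and comparing those hashes with the untouched originals on a clean image of the same build is the quickest check. And the page records only that HKLM\SYSTEM\ControlSet001\Control\NLS\Language was opened, not which values were read or what the sample did with them; the difference between 305 (win7) and 4577 (win10) renamed files tracks what is installed on each image (the win10 table lists dotnet, Office, Java, Chrome and 7-Zip paths) rather than a change in the sample's logic.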
Processes
C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe
"C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
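The Network table carries no Process column, so the sandbox does not attribute any row to the sample. What can be checked from the table itself is whether each reverse (in-addr.arpa) lookup corresponds to an address the trace actually connected to. The added example below (not part of the report) reverses every PTR name back to its IPv4 address and correlates it with the TCP rows; the row list is constructed from the table above, and 8.8.8.8 is assumed to be the sandbox's resolver because every port-53 row goes there.

```python
"""Added example (not from the report): correlate PTR lookups with connections
in the Network rows of the behavioral2 run."""
import ipaddress
from collections import defaultdict

# Assumed: the only resolver seen in the table is the sandbox's resolver.
RESOLVERS = {"8.8.8.8"}

# Constructed from the Network table above: (Country, Destination, Domain, Proto).
NETWORK = [
    ("US", "8.8.8.8:53", "196.249.167.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "4.159.190.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "57.169.31.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "209.205.72.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "197.87.175.4.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "206.23.85.13.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "68.209.201.84.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "172.214.232.199.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "83.210.23.2.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "22.236.111.52.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "43.58.199.20.in-addr.arpa", "udp"),
    ("US", "8.8.8.8:53", "tse1.mm.bing.net", "udp"),
    ("US", "150.171.28.10:443", "tse1.mm.bing.net", "tcp"),
    ("US", "150.171.28.10:443", "tse1.mm.bing.net", "tcp"),
    ("US", "8.8.8.8:53", "10.28.171.150.in-addr.arpa", "udp"),
]


def ptr_to_ip(name):
    """'10.28.171.150.in-addr.arpa' -> '150.171.28.10'; None if not a v4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def correlate(rows, resolvers=RESOLVERS):
    """Split rows into PTR lookups, forward lookups and connections, then report
    which PTR targets were actually contacted and which connections had no
    forward lookup for their domain in the trace."""
    ptr_targets = {}                # ip -> PTR name queried
    forward_names = set()           # domains resolved by a non-PTR query
    connections = defaultdict(set)  # ip -> {(port, proto, domain)}
    for _country, dest, domain, proto in rows:
        ip, port = dest.rsplit(":", 1)
        if ip in resolvers and port == "53":
            target = ptr_to_ip(domain)
            if target:
                ptr_targets[target] = domain
            else:
                forward_names.add(domain.lower())
            continue
        connections[ip].add((int(port), proto, domain))
    return {
        "ptr_with_connection": sorted(ip for ip in ptr_targets if ip in connections),
        "ptr_without_connection": sorted(ip for ip in ptr_targets if ip not in connections),
        "unresolved_connections": sorted(
            ip for ip, ends in connections.items()
            if not any(d.lower() in forward_names for _p, _pr, d in ends)),
        "connections": {ip: sorted(ends) for ip, ends in connections.items()},
    }


if __name__ == "__main__":
    res = correlate(NETWORK)
    print("PTR targets also connected to:", res["ptr_with_connection"])
    print("PTR targets never connected to:", len(res["ptr_without_connection"]))
    print("connections without a forward lookup:", res["unresolved_connections"])
```

On the rows above this yields one PTR target that was also contacted (150.171.28.10, the tse1.mm.bing.net endpoint) and twelve reverse lookups for addresses with no connection anywhere in the trace. That is the whole of what the page supports: it does not say which process issued any of these queries, and the win7 run below recorded no network rows at all, so the network section should not be read as sample command-and-control without a per-process capture.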
Files
C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp
| MD5 | 3fe257259416aadbb845a701673d3ac3 |
| SHA1 | 8c59585eab1d7954cda57aae852776e189a90a51 |
| SHA256 | a9209e7b284df387573f96cccfee44fefacdbe6179ccc38fc9418536c760505b |
| SHA512 | 9747d28cfee65bfd76de9666719516f64daf5bc24738649a3736b1a9b9580b58e682697ce40b45e8864c46c23cbc5dfa03fa3bdcadc854b951dfc8cfbf889204 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 8d7694ba0cf3d95a912174226c0237e2 |
| SHA1 | 6d4a37742d26b46d2c0cd60e925cf0264b6d5174 |
| SHA256 | f8948fe0869fd7cb8fbea153f15653a004c9eca8d1a18bc1649a0418d0426774 |
| SHA512 | 33ed906f33e5859140fb9297f6fb8bfca130094dd0d9bc1970b9bf42b91ff827fa6e98186ed7217744e84f4e9a9c13fae4908810e8734de8a40d3ef54b8d9174 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 00:12
Reported
2024-10-20 00:14
Platform
win7-20241010-en
Max time kernel
120s
Max time network
19s
Command Line
Signatures
Renames multiple (305) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe
"C:\Users\Admin\AppData\Local\Temp\a38e81b0993e6c94b0648782dc5e7aadbdf3a4b0997b2fb832c235aff8b92379N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
| MD5 | 617cec3ae371447ba05e280dce5d20e2 |
| SHA1 | fcecb46eecfb63255e6271d939594998e3486d5d |
| SHA256 | 3115ef29d955d25e8f225dd68443f8b85f932d4558c6cd5534d2ed7eb033dfba |
| SHA512 | b8a00b7323bd28ff067724a7da311b50f41fdd5fabbff9f7d6ed9253a1c8830c5a296bce31b5026104fdf76507a649805de4fd25188de406150b090ca91c7619 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 6c3f0dc1e2826a8ec6e3bfd7a175d364 |
| SHA1 | c2e1ee5ce91e62773ba84cbf7fbbdacd76d84102 |
| SHA256 | fa6e33f032d40a88610283460206d3456ec4477144e2768a3bab3c97ccd5127c |
| SHA512 | 51b629a15b9e7c7a3df20b41e1d89192d67b871a761b23c14e36ad157283f9ed127426fcb6f872f381aad8701d59e063821a9c3f739154678acf452c1454931a |