Analysis Overview
SHA256
3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10
Threat Level: Likely malicious
The file 3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (1066) files with added filename extension
Renames multiple (2117) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 01:16
Signatures
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 01:16
Reported
2024-10-20 01:18
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
105s
Signatures
Renames multiple (2117) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe
"C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp
| MD5 | 616f547f1d3065bb31c98bc4bb209dcb |
| SHA1 | c2ebcf6a719a045abd8bc0b0b5f7bacd104ccef3 |
| SHA256 | 69945102664c866bb75bbdd698f886046c4babc671c6ef94eb4da0fc39d79d53 |
| SHA512 | 530a61dc70707e20c41d6722f6fccda04ec474b3bea8237033e6a4be302df0a56c35c8f005fcace0debe70b8d14d8d18dab22a857a0b3501107c3195b3dd2178 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 3d97c450f6575009dce34a040e7b39bf |
| SHA1 | f886e817f0e6d74a5e5c6b473404f8a7d8d5b117 |
| SHA256 | 8c728c3be5679218f7b23edda90bfe689f5cca40f6132f891651c0ad7889c813 |
| SHA512 | b1da577563c994d030c3376701de6abf400e27d00d5f0977e41e256058eb674ba49fa09bceb82271544331bab80fbb82a974592eb281730fe1c318f87ff0f404 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 01:16
Reported
2024-10-20 01:18
Platform
win7-20240903-en
Max time kernel
120s
Max time network
118s
Signatures
Renames multiple (1066) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe
"C:\Users\Admin\AppData\Local\Temp\3bb27c05f213f283e5c4dc3ebe5935dfc2aa5599272647096dfc78b11d31ef10N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
| MD5 | abb1a0647964cb8decd9cc06dbbfa3da |
| SHA1 | 86ff91f8db320a51615245f44e7699711f44ae6e |
| SHA256 | 211c5ef963357c5dc4285b37e3c33f3ecd45611f12159a606a36555ece4f2aea |
| SHA512 | f4903f14ea4ae9d6625b0d2bebe081264c26b1e22b636fe40aee7ec4a0846e938d4e41481c6f8ee056fa9c28778d49137ea293c5aaf1c53fff39b4fe78fd2861 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | e473dc54e65882428b7a2575a96e111e |
| SHA1 | 050b6b73aa5aead50427d030030a311725a511ac |
| SHA256 | 28cbce0be3995dbeae67420d5aa71c4f823128e19b29f3dbbc7bd5ef4a1c3763 |
| SHA512 | 85637c95c7224092b1038171301b7123ab003a709a75861c89133d63daa8974636b1e1ab67b6aa35984873d2b6d89ef7d34edf7f5d79f9210d83bccd77e45fd3 |