Malware Analysis Report

2025-01-22 20:18

Sample ID 241020-btws3asflj
Target b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c
SHA256 b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c

Threat Level: Likely malicious

The file b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (5169) files with added filename extension

Renames multiple (3694) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 01:26

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 01:26

Reported

2024-10-20 01:29

Platform

win7-20240903-en

Max time kernel

150s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe"

Signatures

Renames multiple (3694) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe

"C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe"

Network

N/A

Files

memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

MD5 1eee338c759ebca537db6a9f995606d3
SHA1 970d9f8865e9d032b88c62ac9adb99e01637ed41
SHA256 a0b9e62e18f2e8c439b7f4406335602c0a48ca6dad5d8f47a7c003364a93aefa
SHA512 cab205fa2e35b29bb43e775ca0803924b6bb654112e38578eb8eb25997f73db78d58232ebf27486559674f653f288c9bb6cb7e0ef34eb5d7d2d1f509b165df10

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 8f8f793516ac849e152c2d0428f9f75b
SHA1 08175bed3355c7ff0a90ec51ef4584387eb84361
SHA256 1bda95fc2b9863eddd369cb5af2461be4a2ca2172d07e5129ab7d7e372ce6745
SHA512 d82c4240caa76e40cd5bff5032d4665c13e43356c8623f80eb7ed328f628d94202db927a0c4731e618b4abc75a6a0902e5edb72ce0287cba71a2d654d3475858

memory/2084-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 01:26

Reported

2024-10-20 01:29

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

126s

Command Line

"C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe"

Signatures

Renames multiple (5169) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe

"C:\Users\Admin\AppData\Local\Temp\b815acf7a5c98bbb90373602f939d6683f22d23728070b53e11ef0f26749964c.exe"

Network

Country Destination Domain Proto

Files

memory/4640-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 d3cad590f95b731d7a54b05568d93f78
SHA1 971e78b3befbfd0890d390b67a76da41fad60459
SHA256 682a02c74ede5b82522fb002b5a93d87121ecd92d464253038cdd8f191bc4c9e
SHA512 390b265a98cab8b8d5cda44add86d9bb3d3243a32610df6b0c64701009c6bc456fbad7202c9975ada86bcac2fd9dbd77c27939d0f578fc7214b609cc3ba7a493

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e10f69baffb065712b643ef076ff2dc7
SHA1 2d2c0bdfad38ddb2b89eea636917e94470a7f7c7
SHA256 e38a3519b57f31a3c02e6e03cbe15366b305a9a2a364a93dc89ca2c48032d5e2
SHA512 309f544b94fffb8d1234f86f377fc16f05eba6f3afe6b4058f96bd9a605afd2a57ea2d5dc905007b8bac935ca827070a29a1dfd65990cd8684cfe988e8230697

memory/4640-696-0x0000000000400000-0x000000000040B000-memory.dmp