Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-vlsk8a1fqm
Target 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N
SHA256 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731
Tags: discovery, ransomware
Score: 9/10

Table of Contents

  Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
  Analysis: static1
    Detonation Overview
    Signatures
  Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
  Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 9/10
SHA256: 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731
Threat Level: Likely malicious

The file 89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N was found to be: Likely malicious.

Malicious Activity Summary

Tags: discovery, ransomware

Renames multiple (3218) files with added filename extension (behavioral1, Windows 7)
Renames multiple (4613) files with added filename extension (behavioral2, Windows 10)
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE

The two rename counts are the same signature firing once per detonation. In every listed row the appended extension is .tmp and the target is an existing file under Program Files, $Recycle.Bin or MSOCache, which is the file-impact pattern behind the ransomware tag; the report shows the created names but not what was written into them. Neither detonation records a child process, a persistence mechanism or a ransom-note file, and the only network activity (behavioral2) is not attributed to the sample process, so the sample SHA256 and the rename pattern are the usable indicators in this report.

MITRE ATT&CK

Enterprise Matrix V15

T1614.001 System Location Discovery: System Language Discovery (behavioral1 and behavioral2: the sample opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language)

Analysis: static1

Detonation Overview

Reported: 2024-10-20 17:05

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

The static pass reports only that the PE carries no valid Authenticode signature. It does not distinguish a missing signature directory from one that is present but fails to verify, and an unsigned binary is a weak indicator on its own, since most bespoke tooling is unsigned as well.
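A first check a practitioner runs behind an "Unsigned PE" verdict is whether the file carries an Authenticode signature directory at all. The following is an added example written for this page, not part of the report or of the sandbox's code: a stdlib-only Python parser that reads the Security data directory (index 4) of the PE optional header, plus a builder for a minimal, constructed PE image used only to exercise the parser, since the sample itself is not available here. Presence of the directory means the file carries a signature blob; it does not mean the signature verifies, which needs WinVerifyTrust or an equivalent chain check.

```python
import struct

# Index 4 of the optional header's data directories is the Authenticode
# WIN_CERTIFICATE location. Unlike the other entries, its first field is a
# raw file offset, not an RVA.
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def security_directory(data: bytes) -> tuple[int, int]:
    """Return (file_offset, size) of the signature blob, or (0, 0) if none."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    (size_of_optional,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        dirs_off = 96                         # data directories start here for PE32
    elif magic == PE32PLUS_MAGIC:
        dirs_off = 112                        # and here for PE32+
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (num_dirs,) = struct.unpack_from("<I", data, opt + dirs_off - 4)  # NumberOfRvaAndSizes
    entry = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    # A short directory table (fewer than five entries) cannot hold a security entry.
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or size_of_optional < entry + 8:
        return (0, 0)
    return struct.unpack_from("<II", data, opt + entry)


def has_authenticode_blob(data: bytes) -> bool:
    """True if the image points at a non-empty signature blob that lies inside the file."""
    offset, size = security_directory(data)
    return offset != 0 and size != 0 and offset + size <= len(data)


def build_minimal_pe(signed: bool, pe32plus: bool = True) -> bytes:
    """Constructed test image (headers only, no sections); not a runnable program."""
    dirs_off = 112 if pe32plus else 96
    size_of_optional = dirs_off + 16 * 8      # 16 data directory entries
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, 0, 0, 0,
                       size_of_optional, 0x22)
    opt = bytearray(size_of_optional)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<I", opt, dirs_off - 4, 16)             # NumberOfRvaAndSizes
    image = dos + b"PE\0\0" + coff
    blob = b""
    if signed:
        # Dummy WIN_CERTIFICATE appended after the headers. Its content is
        # irrelevant to the presence check and would fail real verification.
        blob = b"\0" * 64
        struct.pack_into("<II", opt, dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8,
                         len(image) + size_of_optional, len(blob))
    return image + bytes(opt) + blob


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(path, "rb").read() if path else build_minimal_pe(signed=False)
    print("signature blob present:", has_authenticode_blob(data))
```

Run it with a path to any PE to get the presence check; with no argument it checks the constructed unsigned image. A truncated download whose directory points past end of file is reported as unsigned rather than signed, which is the safer failure.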

Analysis: behavioral1

Detonation Overview

Submitted: 2024-10-20 17:05
Reported: 2024-10-20 17:07
Platform: win7-20240903-en
Max time kernel: 120s
Max time network: 16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Signatures

Renames multiple (3218) files with added filename extension [ransomware]

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-jvm.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Monaco.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Tegucigalpa.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\launcher.win32.win32.x86_64.properties.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Pitcairn.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Linq.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\plugin.properties.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychartplugin_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.servlet.jsp_2.2.0.v201112011158.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Atlantic\Faroe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\msadc\adcjavas.inc.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Budapest.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-dialogs_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\bin\tnameserv.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Amman.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Manila.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tabskb.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Gambier.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-api.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\codec\libttml_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-explorer_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Prague.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\SpiderSolitaire.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\7-Zip\Lang\ru.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\license.html.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\title.htm.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

(The table lists 64 of the 3218 files counted by the rename signature. Every row is an existing Program Files path with .tmp appended; the original name is the path minus that suffix.)

System Location Discovery: System Language Discovery [discovery]

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

Opening HKLM\SYSTEM\ControlSet001\Control\NLS\Language is how a process reads the installed system UI language (the Default value is a hex LANGID string such as 0409), a check ransomware commonly uses to skip systems in locales it does not want to hit. The report records only the key open, not the value read or what the sample did with it, so it does not show whether execution was conditioned on locale. For endpoint telemetry, note that Sysmon does not log registry reads (its events 12, 13 and 14 cover key create/delete, value set and rename), so this indicator is only visible through a sandbox, ETW, or Windows object-access auditing (Audit Registry, events 4656/4663) with a SACL on the key.

Processes

C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Network

N/A (no network traffic was captured; the network capture window for this run was 16 s)

Files

The entries below are the sample's output: existing files recreated under their name plus .tmp. Their hashes identify this run's output rather than the sample, and the Recycle Bin desktop.ini.tmp carries a different hash in behavioral2, so pivot on the sample SHA256 and on the naming pattern, not on these digests.

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 27e07da31bccb6077024fc9362a25f9e
SHA1 86a2363a042ea059eeb43b5260502cff817adf19
SHA256 3a366aa25732e46d98ff7eabc5d740ea6db9f1beb92e1c0a20e45b7afd3035f9
SHA512 c2e85e33200f6022459c85f53b6dd15c534e38ae24b4b90b6158e20e10ef5f5eff29b31e8cd19fbb01e7f3b77b959b637c9b55a27c95efd483defa9ec0f72461

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 c23e71245aa6eb4adb9df4cca76c3b7f
SHA1 2b2a57160e790243d2c73a05719e35b1b2f3b703
SHA256 bcc557846c094d1483387ce7d21d35bdc2871e46c3d003921f3618057b43a596
SHA512 11b05323a63fd38902c385128404af37299379522f5857dfb17b001c5800dfa30097cf9e34eccaec7125a258e5698e9b9bf4ecdfea7f609f19c2c8a37ea82494

Analysis: behavioral2

Detonation Overview

Submitted: 2024-10-20 17:05
Reported: 2024-10-20 17:07
Platform: win10v2004-20241007-en
Max time kernel: 120s
Max time network: 104s

Command Line

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Signatures

Renames multiple (4613) files with added filename extension [ransomware]

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Design.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.OleDbInterop.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Security.Cryptography.Cng.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.TypeConverter.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\mip.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\lcms.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\FOLDER.ICO.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-100.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PSRCHSRN.DAT.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART4.BDR.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Drawing.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription5-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ONENOTE.HXS.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Orange.xml.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019R_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\pkcs11cryptotoken.md.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Data.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\DIFF_MATCH_PATCH_WIN32.DLL.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebHeaderCollection.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\thaidict.md.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.Immutable.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\SmallLogoBeta.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\7-Zip\Lang\kab.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\npt.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\jpeg.md.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\FPA_FA000000009\FA000000009.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

(The table lists 64 of the 4613 files counted by the rename signature. The pattern is the same as in behavioral1, an existing path with .tmp appended; this image additionally carries dotnet, Microsoft Office, Java 8 and a newer Chrome, which is consistent with the higher count.)
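Both detonations fire "Renames multiple (N) files with added filename extension", and the behavioral1 and behavioral2 tables show the same shape: an existing path with .tmp appended, created by the sample process. The script below is an added example written for this page, not the sandbox's own signature logic. It parses rows in the report's "File created <path> <process> N/A" format (paths contain spaces, so it strips the known process column rather than splitting on whitespace), tallies the appended extension and the extensions it was appended to, counts which Program Files product trees were touched, fires a signature when one appended extension dominates, and recovers the pre-rename name for inventory or restore planning. The embedded rows are a constructed subset copied from the behavioral1 table plus one unrelated registry row; the 100-file threshold and 90 % share are assumptions for this example, not the sandbox's thresholds.

```python
from collections import Counter
from pathlib import PureWindowsPath

# Process column of the report rows (the detonated sample).
SAMPLE_PROCESS = (r"C:\Users\Admin\AppData\Local\Temp"
                  r"\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe")

# Constructed input: ten rows copied from the behavioral1 "Drops file in Program
# Files directory" table, plus one "Key opened" row to show that it is skipped.
REPORT_ROWS = r"""
File created C:\Program Files\7-Zip\Lang\ka.txt.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mauritius.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\uk\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\MET.tmp C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A
"""


def parse_file_created(rows: str, process: str = SAMPLE_PROCESS) -> list[str]:
    """Extract the Indicator column from 'File created <path> <process> N/A' rows.
    Paths contain spaces, so strip the known process and target columns instead
    of splitting on whitespace."""
    paths = []
    for line in rows.splitlines():
        line = line.strip()
        if not line.startswith("File created "):
            continue
        body = line.removeprefix("File created ").removesuffix(" N/A")
        if body.endswith(" " + process):
            body = body[: -len(process) - 1]
        paths.append(body)
    return paths


def added_extension_stats(paths: list[str]) -> dict:
    """Tally the appended extension, the extension it was appended to, and the
    Program Files product directories touched."""
    appended, original, dirs = Counter(), Counter(), Counter()
    for p in paths:
        wp = PureWindowsPath(p)
        suffixes = wp.suffixes
        if not suffixes:
            continue                       # no extension at all: not a rename candidate
        appended[suffixes[-1].lower()] += 1
        original[suffixes[-2].lower() if len(suffixes) > 1 else "(none)"] += 1
        parts = wp.parts                   # ('C:\\', 'Program Files', '<product>', ...)
        if len(parts) > 3 and parts[1].lower().startswith("program files"):
            dirs[parts[2]] += 1
    return {"appended": appended, "original": original, "program_files_dirs": dirs}


def rename_signature(paths: list[str], threshold: int = 100, min_share: float = 0.9) -> dict:
    """Emulate 'Renames multiple (N) files with added filename extension': fire when one
    appended extension covers at least min_share of the created files and occurs at
    least threshold times. Both defaults are assumptions, not the sandbox's values."""
    appended = added_extension_stats(paths)["appended"]
    if not appended:
        return {"fires": False, "extension": None, "count": 0, "share": 0.0}
    ext, count = appended.most_common(1)[0]
    share = count / len(paths)
    return {"fires": count >= threshold and share >= min_share,
            "extension": ext, "count": count, "share": share}


def strip_added_extension(path: str) -> str:
    """Recover the pre-rename name (ka.txt.tmp -> ka.txt)."""
    return str(PureWindowsPath(path).with_suffix(""))


if __name__ == "__main__":
    created = parse_file_created(REPORT_ROWS)
    stats = added_extension_stats(created)
    print(rename_signature(created, threshold=8))
    print("original extensions:", dict(stats["original"]))
    print("products touched:", dict(stats["program_files_dirs"]))
```

The original-extension tally is the useful part for scoping: files with no extension at all (the Java zi timezone entries) still get .tmp appended, which says the sample is walking directories rather than matching a document-extension list. Feed the full 3218- or 4613-row export through the same functions to get the product-tree breakdown for the whole run.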

System Location Discovery: System Language Discovery [discovery]

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe

"C:\Users\Admin\AppData\Local\Temp\89f215fa9505ef412496d489ff93b2d332fbe900d1d7e1f36b1575b7490b3731N.exe"

Network

None of the rows below is attributed to the sample process; they are the VM's own traffic during the 104 s capture window. Thirteen are reverse (PTR) lookups sent to 8.8.8.8, and the only TCP connections are five to tse1.mm.bing.net (150.171.28.10) on 443/tcp, a Bing image host that Windows 10 search and Spotlight contact in the background. Treat this as sandbox baseline unless process-level capture ties a flow to the sample.

Country Destination Domain Proto
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
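The network table above needs de-noising before any of it is called an indicator. The script below is an added example written for this page, not part of the report: it parses rows in the table's "Country Destination Domain Proto" layout, turns in-addr.arpa names back into the addresses being reverse-resolved, separates resolver traffic from actual connections, flags destinations that are not on a background allowlist, and cross-references which reverse-resolved addresses the VM also connected to. The allowlist (.bing.net) and the resolver set (8.8.8.8) are assumptions for this example; in practice both come from a clean baseline run of the same VM image.

```python
import ipaddress
from collections import Counter

# Constructed input: the behavioral2 network table from this report, verbatim.
NETWORK_TABLE = """
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 69.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 103.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp
"""

# Assumptions for this example: hosts Windows 10 contacts on its own during an
# idle run, and the resolver the VM uses. Build both from a clean baseline.
BACKGROUND_DOMAIN_SUFFIXES = (".bing.net",)
RESOLVERS = {"8.8.8.8"}


def parse_network_rows(text: str) -> list[dict]:
    """Parse 'Country Destination Domain Proto' rows; Destination is ip:port."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        country, dest, domain, proto = fields
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name: str):
    """'97.17.167.52.in-addr.arpa' -> '52.167.17.97'; None if not an IPv4 PTR name."""
    suffix = ".in-addr.arpa"
    if not name.lower().endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    try:
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ValueError:
        return None


def is_background(domain: str) -> bool:
    return domain.lower().endswith(BACKGROUND_DOMAIN_SUFFIXES)


def triage(rows: list[dict]) -> dict:
    """Split the table into reverse lookups, forward queries, connections and
    the leftover rows a human still has to look at."""
    reverse_lookups, dns_queries, connections, review = set(), set(), Counter(), []
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp" and r["ip"] in RESOLVERS:
            ip = ptr_to_ip(r["domain"])
            if ip:
                reverse_lookups.add(ip)
            else:
                dns_queries.add(r["domain"])
                if not is_background(r["domain"]):
                    review.append(r)
            continue
        connections[(r["ip"], r["port"], r["proto"])] += 1
        if not is_background(r["domain"]):
            review.append(r)
    connected_ips = {ip for ip, _, _ in connections}
    return {
        "reverse_lookups": sorted(reverse_lookups, key=ipaddress.IPv4Address),
        "dns_queries": sorted(dns_queries),
        "connections": connections,
        # Addresses the VM both connected to and reverse-resolved: part of the
        # PTR noise is the OS naming its own peers, not independent activity.
        "corroborated": sorted(reverse_lookups & connected_ips),
        "review": review,
    }


if __name__ == "__main__":
    result = triage(parse_network_rows(NETWORK_TABLE))
    for key, value in result.items():
        print(f"{key}: {value}")
```

On this table it yields 13 reverse-resolved addresses, one forward query, five connections to 150.171.28.10:443 and nothing left for review; the PTR query for 10.28.171.150.in-addr.arpa is the VM naming the Bing host it had just connected to. A destination outside the allowlist lands in "review", which is where any genuine sample traffic would surface.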

Files

C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

MD5 ae7161f6f055c8237e71cc2ed51d9357
SHA1 fe6becd8c5b1305bc028c67b1da3ddd69fef16af
SHA256 eaa669d190ef5f8faf26e11461e02aa3fad17df5a2d760743a55691624b7b25c
SHA512 409fb6a725820e5227cc770f5eaed289d96fb4a21f0b058bedc48f466a6c78f798e3004c6157bc1ba8cd76d1786551465995de7e1c2ad41bc50a1b07f701e6b3

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 22dc0e1d5d3bf238bffc7c48eea0d2d0
SHA1 648edd174f343979fe676908d49fc07e452271ff
SHA256 8c59eb8e95d397c784266533bef95fea5ab8bfa47ad3ff06102bcebc429966ee
SHA512 681081084ebb956189cb8c3e442a9a437e8f5d129dfabc8b01f3367e145eccd1077f26da58fa3ed13be8d6de297a1140242e7a10151bd06f2cb045088bf2108d