Malware Analysis Report

2025-03-15 08:19

Sample ID 241020-ztl6mazdmh
Target 3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4
SHA256 3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4

Threat Level: Likely malicious

The file 3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3837) files with added filename extension (behavioral1, win7-20240708-en)

Renames multiple (5190) files with added filename extension (behavioral2, win10v2004-20241007-en)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-20 21:00

Signatures

UPX packed file

upx
No indicator rows recorded for this signature.

Unsigned PE

No indicator rows recorded for this signature.
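The static run flags the sample as UPX packed and unsigned but records no indicator rows, so the report does not show what the verdict rests on. The check below is added here as an example; it is not the sandbox's logic and does not operate on the analysed file. It walks the PE section table with the standard library only and collects the evidence a "UPX packed file" signature keys on: the default UPX0/UPX1/.rsrc section names, a UPX0 section with a large virtual size but zero bytes on disk (the unpacking destination), a high-entropy UPX1 section holding the compressed image, and the "UPX!" packheader marker. `build_test_image()` constructs a stand-in PE32 with those properties so the check runs offline; the 0x400000-0x40A000 (40 KiB) image range in the behavioral memory dumps is consistent with a small packed stub, but the real indicators can only be read from the sample itself.

```python
import math
import random
import struct

# Section names UPX writes by default; a renamed stub defeats this check alone,
# which is why the entropy and empty-raw-section tests are run as well.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(image: bytes):
    """Yield (name, virtual_size, raw_size, raw_bytes) for each section.

    Minimal walk: DOS header -> e_lfanew -> 'PE\\0\\0' -> 20-byte COFF header
    -> optional header (skipped by its declared size) -> 40-byte section rows.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + i * 40
        name = image[off:off + 8].rstrip(b"\0")
        vsize, _va, raw_size, raw_ptr = struct.unpack_from("<IIII", image, off + 8)
        yield name, vsize, raw_size, image[raw_ptr:raw_ptr + raw_size]


def upx_indicators(image: bytes) -> dict:
    """Collect the evidence a 'UPX packed file' static signature keys on."""
    names, empty_raw, high_entropy = [], [], []
    for name, vsize, raw_size, data in pe_sections(image):
        names.append(name)
        # UPX0 is the in-memory unpacking destination: big virtual size, no file bytes.
        if raw_size == 0 and vsize > 0:
            empty_raw.append(name)
        if raw_size and shannon_entropy(data) > 7.0:
            high_entropy.append(name)
    return {
        "upx_names": any(n in UPX_SECTION_NAMES for n in names),
        "sections": names,
        "empty_raw_sections": empty_raw,
        "high_entropy_sections": high_entropy,
        "upx_magic": b"UPX!" in image,  # packheader marker UPX leaves in the stub
    }


def build_test_image() -> bytes:
    """Constructed stand-in for a UPX-packed PE32 (not the analysed sample):
    UPX0 with zero raw bytes, UPX1 holding high-entropy data, then .rsrc."""
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))  # stands in for compressed code
    rsrc = bytes(0x100)
    e_lfanew, opt_size, raw_base = 0x40, 0xE0, 0x400
    table = e_lfanew + 4 + 20 + opt_size
    hdr = bytearray(raw_base)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, e_lfanew)
    hdr[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    struct.pack_into("<HH", hdr, e_lfanew + 4, 0x14C, 3)  # IMAGE_FILE_MACHINE_I386, 3 sections
    struct.pack_into("<H", hdr, e_lfanew + 4 + 16, opt_size)
    rows = [(b"UPX0", 0x8000, 0, 0),
            (b"UPX1", 0x2000, len(packed), raw_base),
            (b".rsrc", 0x1000, len(rsrc), raw_base + len(packed))]
    for i, (name, vsize, rsize, rptr) in enumerate(rows):
        off = table + i * 40
        hdr[off:off + 8] = name.ljust(8, b"\0")
        struct.pack_into("<IIII", hdr, off + 8, vsize, 0x1000 * (i + 1), rsize, rptr)
    hdr[0x3E0:0x3E4] = b"UPX!"
    return bytes(hdr) + packed + rsrc


if __name__ == "__main__":
    print(upx_indicators(build_test_image()))
```

Against a real sample, pass the file bytes to `upx_indicators()`; if the name test fails but the empty-raw and entropy tests fire, suspect a renamed or modified UPX stub and try `upx -d` on a copy before falling back to a manual unpack.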

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-20 21:00

Reported

2024-10-20 21:03

Platform

win7-20240708-en

Max time kernel

149s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe"

Signatures

Renames multiple (3837) files with added filename extension

ransomware

UPX packed file

upx
No indicator rows recorded for this signature.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\VDK10.THD.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\en-US\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_left.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\localizedSettings.css.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\1033\EEINTL.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Damascus.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Nome.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\gl\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\RSSFeeds.html.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre7\lib\sound.properties.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT+3.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Mozilla Firefox\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Web.Entity.Design.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\29.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\APIFile_8.ico.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-api.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_es.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayman.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\System.Data.Services.Design.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\VDK10.SYD.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\forms_super.gif.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_divider_left.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1033\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\System\ado\msado21.tlb.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-keymap_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\MSClientDataMgr\MSCDM.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.servlet_8.1.14.v20131031.jar.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\hxdsui.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadds.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\Office14\IEAWSDC.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\extensions\VLSub.luac.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\video_filter\libgaussianblur_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Journal\Templates\blank.jtp.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Palau.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\de-DE\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\VideoLAN\VLC\locale\am_ET\LC_MESSAGES\vlc.mo.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_box_divider_right.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe

"C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe"

Network

N/A (no network activity recorded in this run's 118 s network window)

Files

memory/1628-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

MD5 a361e3c00f78d8d6519e745f8a94397a
SHA1 c515f55b5e569094f06d61007897fd91c438f557
SHA256 d8ba97ad9ebd7732a1a2c342869798b9151e273ceafd6b31b3656b9fd56bfffc
SHA512 8f434970b610070ac64a1bab407c462c4737a8552dad4dc91fe043b3ef0ddf23ac6bd90f71c29f74b17246ecaf493279b38a5213b3396c110a0be904fa179593

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7d794f09c917647461c5332b9e8b09f1
SHA1 7008e79d23d721737510cb7c114cbc8190a83b03
SHA256 1e134b9e070fec249df96fba4f6f0ea160d75621d2542293159b13a1539fd22f
SHA512 35fcf5d6671d6e7a8b30af0651d7baab57d6dced48587826f68671f95aea3fb88038b4dea100b59852c5fc5ebaba18e2c63d7ce16ee4cb775776762b6c819fe7

memory/1628-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-20 21:00

Reported

2024-10-20 21:03

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

153s

Command Line

"C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe"

Signatures

Renames multiple (5190) files with added filename extension

ransomware

UPX packed file

upx
No indicator rows recorded for this signature.

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\pl\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\javafx_font.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.White.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.Win32.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\cardview-linkedentity-dark.png.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.DirectoryServices.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\ext\meta-index.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\hijrah-config-umalqura.properties.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription2-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CSS7DATA0009.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\default_apps\external_extensions.json.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_MAK_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ComponentModel.DataAnnotations.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\PresentationUI.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected] C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected] C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\AUTHOR.XSL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Redshift\lib\OpenSSL64.DllA\libeay32.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\de\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSIPC\sv\msipc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL102.XML.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasql.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NetworkInformation.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\PresentationFramework-SystemXml.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessDemoR_BypassTrial365-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\security\public_suffix_list.dat.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri.xml.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\MSOUC.EXE.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A
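Both "Drops file in Program Files directory" tables (behavioral1 above and behavioral2 here) show the same staging pattern: a single process writes `<original name>.tmp` beside thousands of files across Program Files, which is the evidence behind the "Renames multiple (N) files with added filename extension" signature. The parser below is added here as an example, not the sandbox's own logic: it reads rows copied verbatim from both tables and derives the indicators a detection would key on, namely file count, the appended suffix, spread across directories and the number of writer processes. The thresholds in `summarize()` are illustrative, and the report does not show what final extension the `.tmp` files are renamed to, so the code does not assume one.

```python
import re
from collections import Counter

# Rows copied verbatim from the two "Drops file in Program Files directory"
# tables in this report; a subset is enough to show the pattern.
BEHAVIORAL1_ROWS = [
    r"File created C:\Program Files\Microsoft Games\Minesweeper\de-DE\Minesweeper.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\Windows NT\Accessories\wordpad.exe.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
]
BEHAVIORAL2_ROWS = [
    r"File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationNative_cor3.dll.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\7-Zip\Lang\th.txt.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\Microsoft Office\root\Client\AppVLP.exe.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
    r"File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A",
]

# The target path runs up to the first " <drive>:\" that starts the writer-process column;
# target names may themselves contain spaces ("Mso Example Intl Setup File A.txt.tmp").
ROW_RE = re.compile(r"^File created (?P<path>.+?) (?P<process>[A-Z]:\\.+?\.exe) N/A$")


def parse_rows(rows):
    """Flattened report rows -> list of (target_path, writer_process); other rows are skipped."""
    events = []
    for row in rows:
        m = ROW_RE.match(row)
        if m:
            events.append((m["path"], m["process"]))
    return events


def split_added_extension(path):
    """'...\\MSO.DLL.tmp' -> ('...\\MSO.DLL', '.tmp'): the last suffix is the one
    appended to the victim file's original name."""
    base, dot, ext = path.rpartition(".")
    return (base, "." + ext) if dot else (path, "")


def summarize(rows, min_files=3, min_dirs=2):
    """Evidence behind 'Renames multiple (N) files with added filename extension':
    many files, across many directories, one appended suffix, few writers.
    Thresholds are illustrative, not the sandbox's."""
    events = parse_rows(rows)
    added, original_exts, top_dirs = Counter(), Counter(), Counter()
    parents, writers = set(), set()
    for path, proc in events:
        original, appended = split_added_extension(path)
        added[appended] += 1
        name = original.rsplit("\\", 1)[-1]
        original_exts[name.rpartition(".")[2].lower() if "." in name else ""] += 1
        top_dirs["\\".join(path.split("\\")[:2])] += 1  # e.g. C:\Program Files (x86)
        parents.add(path.rsplit("\\", 1)[0])
        writers.add(proc)
    return {
        "files": len(events),
        "added_extensions": dict(added),
        "original_extensions": dict(original_exts),
        "top_dirs": dict(top_dirs),
        "distinct_parent_dirs": len(parents),
        "writers": len(writers),
        "mass_rename": len(events) >= min_files and len(parents) >= min_dirs and len(added) == 1,
    }


if __name__ == "__main__":
    for label, rows in (("behavioral1", BEHAVIORAL1_ROWS), ("behavioral2", BEHAVIORAL2_ROWS)):
        print(label, summarize(rows))
```

The same shape of evidence is what an EDR rule would count on a live host: one process, one appended suffix, a high rate of creates across unrelated directories. The `.tmp` suffix here is the staging step; the victim file's original extension (`.dll`, `.exe`, `.txt`, `.mui` and so on) is preserved under it, which is why the original-extension histogram is worth keeping in the summary.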

System Location Discovery: System Language Discovery (ATT&CK T1614.001)

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe

"C:\Users\Admin\AppData\Local\Temp\3e8bffbe9546372f61ede0f9212cf335c8e4d9a5df847043af2cb1b536e03ef4.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 66.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 71.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 26.35.223.20.in-addr.arpa udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 195.98.74.40.in-addr.arpa udp

Note: this table carries no process attribution. Every UDP/53 entry is either a reverse (PTR) lookup of an address or the lookup of tse1.mm.bing.net, and the only TCP connections are to tse1.mm.bing.net:443; behavioral1 (win7) recorded no network activity at all. No command-and-control or payment endpoint is evidenced anywhere in this report.
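To tell sandbox background noise from sample-driven traffic, the rows above have to be decoded rather than read as-is: each `*.in-addr.arpa` query is a reverse (PTR) lookup, and the four labels read backwards give the address being resolved (`76.32.126.40.in-addr.arpa` asks about 40.126.32.76). The script below is an added example, not part of this report: it parses the flattened table, decodes the PTR targets, deduplicates the repeated TCP rows and compares the names contacted against an assumed idle-image baseline (`IDLE_BASELINE` is illustrative; derive yours from a clean detonation of the same sandbox image with no sample).

```python
import ipaddress
import re

# Rows copied verbatim from the behavioral2 Network table above (subset).
NETWORK_ROWS = [
    "US 8.8.8.8:53 76.32.126.40.in-addr.arpa udp",
    "US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp",
    "US 8.8.8.8:53 tse1.mm.bing.net udp",
    "US 150.171.27.10:443 tse1.mm.bing.net tcp",
    "US 150.171.27.10:443 tse1.mm.bing.net tcp",
    "US 8.8.8.8:53 195.98.74.40.in-addr.arpa udp",
]

ROW_RE = re.compile(
    r"^(?P<cc>[A-Z]{2}) (?P<ip>[\d.]+):(?P<port>\d+) (?P<name>\S+) (?P<proto>tcp|udp)$"
)

# Assumed baseline: hosts an idle Windows 10 sandbox image contacts on its own.
# Illustrative only; build the real set from a clean run with no sample.
IDLE_BASELINE = {"tse1.mm.bing.net"}


def ptr_target(name):
    """'76.32.126.40.in-addr.arpa' -> IPv4Address('40.126.32.76'); None if not a PTR name."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    if len(octets) != 4:
        return None
    return ipaddress.IPv4Address(".".join(reversed(octets)))


def classify(rows):
    """Split the flattened table into PTR lookups (decoded to the address being
    resolved), forward DNS lookups, and deduplicated non-DNS connections."""
    out = {"ptr_lookups": [], "forward_lookups": [], "connections": []}
    for row in rows:
        m = ROW_RE.match(row)
        if not m:
            continue
        if m["proto"] == "udp" and m["port"] == "53":
            ip = ptr_target(m["name"])
            if ip is not None:
                out["ptr_lookups"].append(str(ip))
            else:
                out["forward_lookups"].append(m["name"])
        else:
            conn = (m["ip"], int(m["port"]), m["name"], m["proto"])
            if conn not in out["connections"]:
                out["connections"].append(conn)
    return out


def needs_review(summary, baseline):
    """Names resolved or connected to that are absent from the idle-image
    baseline; an empty list means nothing beyond background noise was seen."""
    seen = set(summary["forward_lookups"]) | {c[2] for c in summary["connections"]}
    return sorted(seen - set(baseline))


if __name__ == "__main__":
    s = classify(NETWORK_ROWS)
    print(s)
    print("review:", needs_review(s, IDLE_BASELINE))
```

The decoded PTR targets are the addresses the guest was asked to reverse-resolve, not addresses it connected to; check them against the same clean-run baseline before treating any of them as sample infrastructure.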

Files

memory/2108-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 02d1f89be174a2330d798c1c51910971
SHA1 f44ce24f13dc845c31a4643425d64427e8af9045
SHA256 d33de77c72a58c885f4681969c2c3978821dea8c2a48576851e5fb892f1b59d0
SHA512 7b7fd599692e5d393c0dbea61c2f0986319b863568882a534c35019135dc9f93a8d8b3ecf3919fec248f13f20832d26c17f0593ade5b39c1de32eba5b95f3de2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 90bb897e470d5a720c68e097ea13e3be
SHA1 389147d8867686a554ea0ba6edee88f95ba2edc0
SHA256 7b4d6a7120e638a1a9729fbbeb9a3cb8841915d5d1bae24ddc0286d870e31730
SHA512 37c6ba025f19bda5466811658b716d0ea46611737a35b61423370a2423da22e0fe0421380974a142e58ecfca0d6db0d23fa5df5909997cb38badfedbf061f495

memory/2108-658-0x0000000000400000-0x000000000040A000-memory.dmp