Malware Analysis Report

2024-11-16 13:22

Sample ID 241023-mt2vvsxfkp
Target 857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN
SHA256 857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7db
Tags
renamer discovery worm
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7db

Threat Level: Known bad

The file 857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN was found to be: Known bad.

Malicious Activity Summary

renamer discovery worm

Renamer family

Renamer, Grenam

Detects Renamer worm.

Drops startup file

Loads dropped DLL

Drops autorun.inf file

Drops file in Program Files directory

Drops file in Windows directory

System Location Discovery: System Language Discovery

Unsigned PE

Enumerates physical storage devices

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-23 10:46

Signatures

Detects Renamer worm.

Description Indicator Process Target
N/A N/A N/A N/A

Renamer family

renamer

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-23 10:46

Reported

2024-10-23 10:48

Platform

win7-20240903-en

Max time kernel

110s

Max time network

18s

Command Line

"C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe"

Signatures

Detects Renamer worm.

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Renamer, Grenam

worm renamer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paint.lnk C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vapt.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vidlj.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vjdb.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vjhat.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vjavah.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjabswitch.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjmap.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\VideoLAN\VLC\vuninstall.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\OFFICE14\vMSOXMLED.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjavafxpackager.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\vjabswitch.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Backgammon\RCX89CA.tmp C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jre7\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Windows Mail\wab.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\7-Zip\vUninstall.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjavac.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vjconsole.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\SpiderSolitaire\RCX8A4C.tmp C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Chess\vChess.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjavadoc.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjcmd.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vjrunscript.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\vjhat.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vchrome.exe.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\vchrome_pwa_launcher.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iediagcmd.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vapt.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\vjabswitch.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Games\Mahjong\vMahjong.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\bfsvc.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe

"C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe"

Network

N/A

Files

memory/1352-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

\Users\Admin\AppData\Roaming\Paint.exe

MD5 0051678c4dbd4fc47874f4b707503780
SHA1 e5c65b6760840653bcd97ad87d35debdcf083969
SHA256 857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7db
SHA512 ab78d093408b28fdac13a3c4c5387e2e1c9fdad4dd522624b9c4a66f8ec64b86068a308f9b0fcb060b2fc0cd51cae3c874dd0f86501f43f18a3e19078dd5a439

\Program Files\7-Zip\v7z.exe

MD5 9a1dd1d96481d61934dcc2d568971d06
SHA1 f136ef9bf8bd2fc753292fb5b7cf173a22675fb3
SHA256 8cebb25e240db3b6986fcaed6bc0b900fa09dad763a56fb71273529266c5c525
SHA512 7ac1581f8a29e778ba1a1220670796c47fa5b838417f8f635e2cb1998a01515cff3ee57045dacb78a8ec70d43754b970743aba600379fe6d9481958d32d8a5aa

\Program Files\7-Zip\v7zFM.exe

MD5 30ac0b832d75598fb3ec37b6f2a8c86a
SHA1 6f47dbfd6ff36df7ba581a4cef024da527dc3046
SHA256 1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74
SHA512 505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

\Program Files\7-Zip\v7zG.exe

MD5 50f289df0c19484e970849aac4e6f977
SHA1 3dc77c8830836ab844975eb002149b66da2e10be
SHA256 b9b179b305c5268ad428b6ae59de10b4fe99cf0199bbc89b7017181905e97305
SHA512 877d852ea1062b90e2fd2f3c4dc7d05d9697e9a9b2929c830a770b62741f6a11e06de73275eb871113f11143faf1cb40d99f7c247862ffb778d26833ed5d7e38

\Program Files\7-Zip\vUninstall.exe

MD5 ad782ffac62e14e2269bf1379bccbaae
SHA1 9539773b550e902a35764574a2be2d05bc0d8afc
SHA256 1c8a77db924ebeb952052334dc95add388700c02b073b07973cd8fe0a0a360b8
SHA512 a1e9d6316ffc55f4751090961733e98c93b2a391666ff50b50e9dea39783746e501d14127e7ee9343926976d7e3cd224f13736530354d8466ea995dab35c8dc2

\Program Files\Common Files\Microsoft Shared\OFFICE14\vMSOXMLED.EXE

MD5 f45a7db6aec433fd579774dfdb3eaa89
SHA1 2f8773cc2b720143776a0909d19b98c4954b39cc
SHA256 2bc2372cfabd26933bc4012046e66a5d2efc9554c0835d1a0aa012d3bd1a6f9a
SHA512 03a4b7c53373ff6308a0292bb84981dc1566923e93669bbb11cb03d9f58a8d477a1a2399aac5059f477bbf1cf14b17817d208bc7c496b8675ece83cdabec5662

\Program Files\Google\Chrome\Application\vchrome.exe

MD5 095092f4e746810c5829038d48afd55a
SHA1 246eb3d41194dddc826049bbafeb6fc522ec044a
SHA256 2f606012843d144610dc7be55d1716d5d106cbc6acbce57561dc0e62c38b8588
SHA512 7f36fc03bfed0f3cf6ac3406c819993bf995e4f8c26a7589e9032c14b5a9c7048f5567f77b3b15f946c5282fc0be6308a92eab7879332d74c400d0c139ce8400

\Program Files\Google\Chrome\Application\vchrome_proxy.exe

MD5 b65d7344b0a7faa207d2e1a7adaafb60
SHA1 755ad15b1745b0e730d658d4a92e2b754425b7db
SHA256 f4b91fbbcba8a46eefe4965e4a24c6ede3decbd1fec96e141a1953173efd1c92
SHA512 f17ac73c2df7c73a31b11ce0f533d6db91bdb0cdeea653dcd52ac72c3cf28da0c236b79586ddc7a6c825fdd171290722f888465e776f12ac2cae75be82726b22

\Program Files\Google\Chrome\Application\106.0.5249.119\vchrome_pwa_launcher.exe

MD5 527e039ba9add8a7fac3a6bc30a6d476
SHA1 729a329265eda72cada039c1941e7c672addfc19
SHA256 4b8a72fc81b733ed2e6e70d4c5401f954002783dbf14927849ad579860780b94
SHA512 9e73e14e33a5f07a87e9c1fecfdaee09d1408471052aacfde3d1e877dad4d253b525ebefca6bddabc23cf81d8dcce0785aedcc2f135d171ecbb1feaeb922c449

\Program Files\Google\Chrome\Application\106.0.5249.119\velevation_service.exe

MD5 ec6386b63c3a5ffe0577905e94262c3a
SHA1 8f8c428d0e7f32c9d733ca28384ded413a060588
SHA256 302c968ab3e1227d54df4e72f39088d7483d25eeb3037f0b16bc39cef2728fa4
SHA512 ddbefb759858493de1f9d7addc6ff4488c8be3164374e0a88c3cbe97751510005dfe6d91c5499fcbdc35aa33a8eda2d45591a66e54ab9462277dc833faef77c3

\Program Files\Google\Chrome\Application\106.0.5249.119\vnotification_helper.exe

MD5 81664a918656ecd5e8eca90cedba1150
SHA1 580d0eb98bb2c838ff89eb54efd86535ee8882f6
SHA256 2f664c756727c321a3a0fb6c6e68842ca1a5f20575a02312ea10675dbd5dc40e
SHA512 7a211a01c674aaa5e8052dd339b412892c452309b651e835f0b8e27f15ee3fed42c58f43910a202150ca90704f522499deb7bca055451f1e6c8515b2d491df3d

\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\vchrmstp.exe

MD5 2161730a7ae00a1fb8c5020a43be949f
SHA1 8db6b820472cdfa266c874e0d3a9395412995aa1
SHA256 07e7896b2304e3b9966294a02d2ed32f41994ee7bd0a284e4160743edaeb9e15
SHA512 aa3659b6184f4273b7fcf1f7d2cd0a5a9129b8856d15e4ca8904b709e85cd432538ce0510ca9777760a1a9d5391671232a79908860e7d665260a54910f6fea5a

\Program Files\Java\jdk1.7.0_80\bin\vappletviewer.exe

MD5 c9aaf1247944e0928d6a7eae35e8cdc4
SHA1 af91d57336d495bb220d8f72dcf59f34f5998fd3
SHA256 05b153ba07dc1a262fb1013d42bfc24d9000ce607f07d227593c975cdf0bb25b
SHA512 bf3bc64135810948626105a8f76dc4439e68ee531f20d901c3082ae2155f2ea35f34d408de44b46ede61ded832fcc61ac1cb9719e432f0f07b49479c95847e51

\Program Files\Java\jdk1.7.0_80\bin\vapt.exe

MD5 407d2d7dab36cdea871d4c6b9c62b258
SHA1 86cd158ad810c6772c22a5799c7acf4b9d7c9f57
SHA256 3c040679ea4be0cc5ca20c9f24caf6c13d3002560347e7446dc963b611523bd9
SHA512 dcdb53a3ca2a3637216a9d8133d1dbda336a6d3a98c6b956af42f94adbc136dc5a0245e87512d0314f23dbf3cab4900bc40ac13c79ee93a677d93a89e0cd9e17

\Program Files\Java\jdk1.7.0_80\bin\vextcheck.exe

MD5 1cb4c95888edfdedb61628680fffd415
SHA1 3336670c701c61bb8062d7620c4244dbc01756d1
SHA256 182d8ab5ec2ee2ec57d60c2d2d75df6c852810e74c50289aa9c2c99a6b050fc6
SHA512 24c8c05baef516fba5aa763c0abc603065a75e5816501c713b24ec8baddad4fc290b3973dad89ac65f09d0277c2fa72d8b00f0eb2871170dbd89a8d9062bacf3

\Program Files\Java\jdk1.7.0_80\bin\vidlj.exe

MD5 26b70aa2ab871a72a3fd30829f2f1f29
SHA1 73934bad6bf5ca22484a88e1a4b1263ae278c419
SHA256 4e11bf944fb0a34c5cf1871fec3c8f7473e1944642cadf89a86db2eed874d35f
SHA512 40cacfff6c7f47aa0703e8cb3186f8bacbff1d56dc0547d67c44e716fc0d28705995a439a88a02ce8a262628b33cf2f6ec6f0586cdc2fc86597e3da4fb6a1d84

\Program Files\Java\jdk1.7.0_80\bin\vjabswitch.exe

MD5 502e87232756dfacda7d1686d4bc9ea4
SHA1 6e40897d0a957783b8b88f2a6487dba028954b22
SHA256 d230ada81f3add58fd8a646d25b8f25fe6271b3eed5edef9fdc8945baabd5631
SHA512 96366e76942f6da30c02e9f6cf7cdf0cb7550455c8cbaaae7358d15a2258e1f0b2bfa960d52cb774039f2070dc8c383c3df187805f4910d40601b853e4309d9b

\Program Files\Java\jdk1.7.0_80\bin\vjarsigner.exe

MD5 2f7770a34bb22b99f8f6966851331d82
SHA1 2a2860cde1482df656544e1983e957f815be4193
SHA256 f873c02b69408f905c2c0b35b188d2c0b0a7cccc98a59d18dd0c297f761d2ef7
SHA512 8611f8bace081711d6f5dcd41177f594314970c5b2f328755027383e4ad2a239bbd85e0cedf6d1a76d9d1f54afbd340c9bd4ab119bb87cfd5a11149a0cb71dfc

\Program Files\Java\jdk1.7.0_80\bin\vjar.exe

MD5 3eeb342d48cfaa4c568a93ffdfc847d0
SHA1 ed5fd565c4a1867ca554314f038fc20c7de01b90
SHA256 29e65344e34c2354da05e8de64b106aa0ec99d8c5c22b58797d0047e227879ff
SHA512 db5b84233d40139c44cb8fd1a43e1c8a41c967358641e1488cc19474a8de381c5aa2c84f61b10d69d019f0d7170177cccea47ce9460d409a480c8537232a2ef0

\Program Files\Java\jdk1.7.0_80\bin\vjava-rmi.exe

MD5 a5f4cccc602a42b4ddbd8acbcf34f158
SHA1 5f26277884b2f6cdac26267f9b582ac5a5d21b08
SHA256 2d9044e9265fc09680d5f0c054c4ccac7d8d14b3a4a42e803a2097108e0f1acc
SHA512 3cb0d0028468edb1687c6142ce3ed6b594428bd209bf8b85ab2315e7992af12c4d622f26e652d6be0718d51d0d6a171c0a881b36d2e67a199998442e91621149

\Program Files\Java\jdk1.7.0_80\bin\vjava.exe

MD5 641b4ed6ab90a6f52ee512ea88a64cd1
SHA1 28d014900accc98e6089d83d0b2a8cb8735ed101
SHA256 13590945a04037dfd15d61166e0771682c7809674fca42f53fdb3afdcbe21410
SHA512 00a588556196e305dbf1714e573a5c5516c2988356b984a7284ba017a78bacb8d576b590da35be40171d6dca73580c5b9ab06808c7246c2e13c8d9b816f2ca09

\Program Files\Java\jdk1.7.0_80\bin\vjavac.exe

MD5 000b77a2ed92887856174641dfb6f485
SHA1 7872d9768f3a4b0601b91bd0b55f08c8992819e6
SHA256 1100a8d298426491aeb34288f7d6e600622f2d94fc01bfeb093fcea3ac32a8e4
SHA512 cec8642269bee8162b8d317ba61777b4005cb2dae8e9837bfd336bc6fd633066cd52b878160f4496113c147a7d0374619367e9bb451e82f7a5a39f0db3fde152

\Program Files\Java\jdk1.7.0_80\bin\vjavadoc.exe

MD5 516f6320ae4d755b9ea0c7c8347f5801
SHA1 bfce7c2869725ec8f327b083be57d20671fcb2a2
SHA256 9e696aa5772e8cba27545b47b00be4a3b8fc888f8c83ca11939b753850feab14
SHA512 0e12bc2f01f2897df41e56cee150177a3cc09ca5e889b61fcb9dbe07391a6f2537454401a2ca2ad93c652303a8e5782fd9860ca83734401393e314570175a6f0

\Program Files\Java\jdk1.7.0_80\bin\vjavap.exe

MD5 95cf3bf094a35c9e7434bc402c09630c
SHA1 2b4d21ee55666f0664a644ec443502a942b9e7d4
SHA256 4973b97a274648d53977499891b919f98684fdbebce10751d71ce4d2754f6622
SHA512 09db399afec354ab699701f4196e93178db613421beda9e695bc36414698f83084d05b70595d2b31fe2a0d757ba98640f7e3953defb8dd71df03e4c01391fe8e

\Program Files\Java\jdk1.7.0_80\bin\vjavah.exe

MD5 8ffd9b7406e8aecf1d6117606d2bd149
SHA1 edf1f0f2f1024cd0fb6b39dadca251c99ccdedcc
SHA256 dd6b65e78cb194055494bbb7736ef917d3d6da1863567afe50b8abfc8e51267d
SHA512 ee54a1bec20608477053e87c641cc59dfe3c5a77061395c9d41759c3c559d6d5e8761b75327f3a05e62c602031650ec0be375a1b2235a944048ab340efce7397

\Program Files\Java\jdk1.7.0_80\bin\vjavafxpackager.exe

MD5 cace8f27a66ffec4f9823aa258c307a9
SHA1 dc515d29aa43d2b6b7e157f05e97e87d5f785884
SHA256 3cf626dac6e91a03f688bf5ab674871a3e0411314f261bb2c69346a1c46bc733
SHA512 4a5d5b564bd483e1949826d388e41c63a7b056236c5972c76721fd98c9b704a79622ed4c1b045080e4470340a9953595df955148999e15677f0e38e529a6a5f7

\Program Files\Java\jdk1.7.0_80\bin\vjavaw.exe

MD5 0266d98252b6beee2e842d5e876031a8
SHA1 8d57c6d94835ac6b1b0f9a657af6baa4be25779d
SHA256 c5d59069dcaf86222c9c189c8ba8932ced66ab77b4baad485e1f0ac715e6037c
SHA512 7eebbff75a67a0408ff2f507d9f1b387dcfbe6765ccd4247fd78a64c2ea6090e88fd30f561e30f48bc107dd9378364fd18dba4ea22eedee76a1f993fbb1e9f32

\Program Files\Java\jdk1.7.0_80\bin\vjcmd.exe

MD5 36e8cb42bbfc16e1395a88d183caed83
SHA1 ca1c513aaa7d49adfe0f43ceec81e6d0c0ae67d8
SHA256 40ea55ebd7ef975135dafffb396871a8ab728abc24b42eaab76f08859994e996
SHA512 f7620b06a5d43d21a0d492b66b0e5bacea6918f1490fb0504e9440524b7ef02ba83d2ae3c2211113b478b8325a3a6b6c8f65939ef5a01b835451cce2e72de00f

C:\Program Files\Java\jdk1.7.0_80\bin\vjavaws.ico

MD5 38b41d03e9dfcbbd08210c5f0b50ba71
SHA1 2fbfde75ce9fe8423d8e7720bf7408cedcb57a70
SHA256 611f2cb2e03bd8dbcb584cd0a1c48accfba072dd3fc4e6d3144e2062553637f5
SHA512 ec97556b6ff6023d9e6302ba586ef27b1b54fbf7e8ac04ff318aa4694f13ad343049210ef17b7b603963984c1340589665d67d9c65fec0f91053ff43b1401ba9

\Program Files\Java\jdk1.7.0_80\bin\vjavaws.exe

MD5 bf91501c9b39c728ade2cf3788b647c8
SHA1 fbcb53c4ca9836f5bbfbb2b63e7a1a00a6bf10c6
SHA256 d602330327fd3630d625c9023131fd2318f677c67aa421631b8a4080dba38578
SHA512 01a6639a580bd418cc4d1dd2bd8794f356c08b6f7fa801245e9200c883d32c6b103aeac2615195868a8e63e3515911de2a9afcced21f62fc41edefdd0a66001c

\Program Files\Java\jdk1.7.0_80\bin\vjconsole.exe

MD5 805f6272e5e3a80aac3540cc5b42b08e
SHA1 437bee3476647f7b55a49630cb86ed4befc34293
SHA256 910dbe44d17bd60a295a956e98e18347080cc879ed7ef7241cd2d0edfc060551
SHA512 319f8f50dfca4adf148edf878fa7c83bc6e4f1053da0c7d412645fcae9c63e67b838c876838805d9a33b28067947d3844479c9ddab11eb9e760b9df285f27041

\Program Files\Java\jdk1.7.0_80\bin\vjinfo.exe

MD5 f499825b88d200d9348b5f97ff297ec7
SHA1 366adce5911c160fa26d6fdb4d65af357cf0e3bc
SHA256 8b2d599efa66da695e503b480f355fc5f22347fcf5c294100abaeb3e9a20c1f6
SHA512 3017bf630ba53ee0855d1e657df197732e4fe2fa6455fabad2085e5a24918589d487362fc2819fff85b3fcf7e684376d4b7a5bbc6e71ea57cc62ab397a87dba9

\Program Files\Java\jdk1.7.0_80\bin\vjmap.exe

MD5 30989429490b9ccbde4fae1fc6df84e4
SHA1 64c8cf20ebb4e8dc31521f0084eb046a9e3f0500
SHA256 aa98634e3668beae535738d25c2094a7ef0d855ebd9d945b484368f9e543bc0d
SHA512 9a78ed9cd8dcf333ea240ff309e24a2e5de39bbeba4e9291b55d51fdbc10ee672c674a9f4393b13819562a0d9bc99667eb03519cefed0218444874f15729eefe

\Program Files\Java\jdk1.7.0_80\bin\vjhat.exe

MD5 1dbd51882c2b82a5496106c31db425f1
SHA1 f47bee48a7d0da0c4930cccc6fe7a8d8600d4b05
SHA256 659fecc81e846405613c2080ac81a567df17c97449a9c2ba179ac216280223db
SHA512 81418b0510b58f782b843312069842aeeede8d35feb8f393807169398464896f281dc13bc82d51279a07adfbe97758b82143218cf9a56d653b3a9d11da62f50f

\Program Files\Java\jdk1.7.0_80\bin\vjmc.exe

MD5 c8db7998995218d59addc586ce9679d6
SHA1 694f18eef5aa6dfe1aa607ad5a08980f9656ed07
SHA256 e3712cd917e4d41696165a98233443d63dbfb28560967de92ca4e707c50d7df2
SHA512 ba7bdfae350c4b98067a2875295a20fbee1b7e9cb1f1afde1a299ca1b8d6aab3996dec59119cd83214461018e5e4ff91894ad3f0e909359382cf5183811d3d12

\Program Files\Java\jdk1.7.0_80\bin\vjrunscript.exe

MD5 c77fa8599058f2f08f6f028ad1ba3d29
SHA1 ea42e7eed011b8b71f32d4d47827a5b56198d134
SHA256 db2beff59876773d223f4813c05c65a1e582604c420ae6d7f6f3844a0a060398
SHA512 f2834be1925ca448884877e7236d2febb72190ebf43a2dab29a76b71c4976360d56df17879966ec74c60b3d62dadd81d577e3034961ed64418c0300f9710f43f

\Program Files\Java\jdk1.7.0_80\bin\vjsadebugd.exe

MD5 da1c77dc8b88afc927144ac6814ffecc
SHA1 ff50b5fefd7275f3972f2e3f228384816fe22e63
SHA256 78d50c2ca489676456b3a0ccd1696dda0f1e1e144baacd26cdbc472869578b30
SHA512 02fbc972c889a71947b2671bcc7e22f9a0edce3e0462f332753d974d73035315aef7b4ae1069e309aa560f98065b792447b2ef8f1e8be1874969de916b2f3e25

\Program Files\Java\jdk1.7.0_80\bin\vjstat.exe

MD5 f9ae41a829d457685c00b08ea9185e1d
SHA1 54eeb13931bfdd989decb7e807996b46b75f1cd6
SHA256 d122b3df7c2b81c5eee0d3165a6741fffbc2298a8eb41740dbe0092eecf3cd47
SHA512 fef83f2670a11536b57dc3a1d86d014b49b83c720976a5592bf6fef2ec45aeb62e269ce0759b150accfc77a94a28423c833b4ad0fbec6a7e0a4132a2b152a538

\Program Files\Java\jdk1.7.0_80\bin\vjstatd.exe

MD5 d33a2ad454c698dc6cc87ff9e484229d
SHA1 cdf4c8db79f2530bdfec32a1909be5d129a23058
SHA256 bf9aef8af2046c69ccc29ab1f9fa0f4b31cfcb1892158877c01e7b3a8c4eadb3
SHA512 682e0b292f0f0cb1613c634a99df53d242ba465f1f754058d508ba8506654ebcb35f79e6e6714a288c2018ab9cdb929ef48a544071bc3ffbf3d362bf3478a818

\Program Files\Java\jdk1.7.0_80\bin\vjstack.exe

MD5 095d24917473c666b8906e45852378f7
SHA1 2ca5842715ad03982eb9094786832775926e4b4d
SHA256 3289a0fb8c701e7eae9fc792329c0eff6cd2a42ffbf1845f4e630a3e1a019529
SHA512 fba9fe4ca6498c9fcf0d251906b537286f2e7bdb2399293c71f9b0bce379c2684da14212231535a81889928fcbe0adf7354bc83e272a3f6d9082f125494cc50c

\Program Files\Java\jdk1.7.0_80\bin\vjps.exe

MD5 4ce9dbe70ae911f1fef704e2c5594214
SHA1 3431c1d6fa21e04e79f0b2f48cd30b037ab009cb
SHA256 e45733934ff8c01f79a98ea2fd6b2a78fc5f0164e5d4fea7aef5119c7218a5fd
SHA512 291420138d84108ebbb8f3dc81bc4595206144b8eac0a459ae63754aa137a3d6789330dc764c6dafb5cecc76908166d93cccaecbcb3987d4cbba662980ee6359

\Program Files\Java\jdk1.7.0_80\bin\vjdb.exe

MD5 0b5681808a793728fc658f1e9b94ec52
SHA1 05763b10f153447edcc08afeeeee71fa2f221033
SHA256 d18fab0d0e24e8f1d9551e2667f6b2c34fcd75232c39e85ce50660588174079f
SHA512 65e64980a30285b29888b9eeb66ec1c27c98a15effd67d761c3c62358e3ec008fbda61feda4fada8f9af8bce740b8f38236495c6f1b274d98c14209cd56b414c

\Program Files\Java\jdk1.7.0_80\jre\bin\vjabswitch.exe

MD5 529a2a19485ba337e8c0b6970583e94e
SHA1 1cc15db40d7bbef978b74ada8aa308e2f1731c77
SHA256 e9c0f8e00e3f884edfb0b776e4d9bb336dd7fba12f0c6d5604b4530d7016861a
SHA512 30598f68560ce73d02a8683555bbba0c316c5f04f05543dc30a273e51fda19567f375d1855d33fb7b2aa66d0faec8d8b43b064cfb5debe4f0d3f06996a416158

\Program Files\Java\jdk1.7.0_80\jre\lib\vlauncher.exe

MD5 db9c946a0f96b6971d8c206b763a12f9
SHA1 f489499793ec2089d4fa8155f0dce9cce3224a01
SHA256 dcfb9c195b17ad00722e50c3f28181e12e3de6f209e756bdde8f137950ab5b89
SHA512 eb23828b588ace5e3468d0f5aedc1cdc5b0c7c362d76481fa53a5b881ddd459661b6cd6b4e3179b16960538b0ea1103ea02174cb5a26a8227fc0ec06837ea98e

\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\vnbexec.exe

MD5 2d721aa8133aae9cedce6601b08344d7
SHA1 2d7d17947fc92e4908e43d5b235bd387890f29aa
SHA256 5dbf3b499d387e4a811f75c79a3e8671aa27eb35cdbbedb28429092e48c2e685
SHA512 669a7acd991438de338862439f8f8acf8f163620e3a4ed2b9972c8e6b1c7c2c0f478f078e3750197bd1c0ad0500de1c7e474c505d33098690014e674553f0567

\Program Files\Java\jre7\bin\vjabswitch.exe

MD5 e795eb03297dd66d2efac2c33920a69f
SHA1 bf41799164d6ab2690c39afa458122ed82f2d0a8
SHA256 133afb441f29c697a5232752483ef2eecc297446f6db941bd68af7ed056cecf1
SHA512 6a334a07afadcd5c29c30add22142392bdc70d8ae0f36140f2ba7c9b4e70a9efd87b7fbd8b3ef862cea7aebdddfd18bb0521308d9a69070ae4a84432f522c4ef

\Program Files\Microsoft Games\FreeCell\vFreeCell.exe

MD5 bef8be93965ec65c51d70030b9b6b058
SHA1 f12148107460625f4f1900c25bf411f320d1b41a
SHA256 93609f1c460fb778e4ae7809455febba3476dcca7c14a461066767442e166f8a
SHA512 6717750cdbfa01da56448032c6515f38560dc39f1c05d7c587d9800f72db0495ac337402a2d29244955b7942c1a3b093d8ebc659f3b3d7ddcf19f6caa69cc68d

\Program Files\Microsoft Games\Chess\vChess.exe

MD5 07dd9dcd1cc2840751a1f8772f3c0195
SHA1 c6203a3990cfbf396ae87110e341f773cd6be4c1
SHA256 9b39147e1ba781ea8e463c22700f6ce354ac5e775e36657fd87bf41074835602
SHA512 5e547dc18a2b44a6dd67f6b43ee5b5b1bbd4ec1e8b5507b0d990837a7adb72b66808e7487f97062d54e4d3c2c7b791e3b580c9ed316e9d003849f7a6f6a3d56b

\Program Files\Microsoft Games\Hearts\vHearts.exe

MD5 a8524f6c3aff774911bca26ab8322602
SHA1 1f4e5b034d74f3c44d0b6744e03da1dd3d5f7531
SHA256 a5bf1cc9dad3f2c8f6212f7bf7e98ddd65528c1243b2b1f697fdd12fbfbe9e7b
SHA512 990b4462faeb5cad5237f185a6fa8fa984a4fbda8ca9d183d2ac6f3fbd27cd10f049c815203d3915c3764e82a3cbdbc59caf9978b7d3c6b524ad2b4a08048172

\Program Files\Microsoft Games\Mahjong\vMahjong.exe

MD5 9aaade86a4659a69cf5aa298c8aeec22
SHA1 94841d5f07be7b55f3b0fd23b4af9b72073ca51c
SHA256 c59f21a65dcebb5e4195087c21e71e055061763c80fd9c681c6a4c0e4b276bcf
SHA512 67b4ea11cc87e899269eb269427f6f4f452332a4666defb84163e74c97f25a5fac4fb9e660ee0c7185ec69311665f4649eb5b655505bab102c5126a2c0008343

\Program Files\Microsoft Games\Minesweeper\vMineSweeper.exe

MD5 b3ee7bd189c5925d4c0d2bbfca00fdd1
SHA1 42b99d7da633aa4c3b23cceade23dbf41b313342
SHA256 f46beabb222d534a11fc3f88b295f9e20962fc8a75cbc19ca25ebfb9b89013ac
SHA512 58695d84e1827a3391ef55df8ab06399d2a98d071245e6161374dc380957e36fbfcd558ef38c6334a928418c6bf37c9b2430701cf67bf65b03a1e9c4c28eb01a

\Program Files\Microsoft Games\Multiplayer\Spades\vshvlzm.exe

MD5 89f37ffa37b28807b1e7628be13664c5
SHA1 c85fdf9b8b47d4d62eec66ba7d15d3232e87033a
SHA256 0c71fa7b4382aff51048a6295a17683edb4eced025263e9f185f2429fc95f549
SHA512 8e0de51e523e173b2378a5bb39690e7d70531cfa3b48aaceb5f3c696865482c7c8ddb5e855b56815980abaab17c95db67b8cf4c2d291f53988e3dd9ed1d08464

\Program Files\Microsoft Games\Multiplayer\Checkers\vchkrzm.exe

MD5 ab0a8849029b4ce1109ba4e86481ab4f
SHA1 ea296baa8b55e744555eb12f890d4fde94dfd6aa
SHA256 61bcc5185bdfe1ec76b4aecdde640be6a8587f4d286c88bd518186e268ed2921
SHA512 37ea780b38a592504561de3864318908554818115bb2070428a1d3fa88187a1ab253e730ba414c45b7cbf02f6eae7a63afb1d0b9731c1f00c6e3d5d79207410b

\Program Files\Microsoft Games\Multiplayer\Backgammon\vbckgzm.exe

MD5 1c9289324b5558aa5a59fb98359b3fd7
SHA1 b32666e34faed4b0acf1ffcfdcc284568ff61269
SHA256 9ad98be79538dce70f850c5f6c22c029053d51e83781e1da194f3473d9c1bad1
SHA512 f3efe541733842926540166ba7404ee90a659f7facfa480a683cc23dc2050a6222a8acf4cacb84c8c3a75ea9370e7880981511d5f43adde8eb030712e4d2e92b

\Program Files\Microsoft Games\Solitaire\vSolitaire.exe

MD5 5bacfd51d926774c8dd8028bec9b4374
SHA1 82bfd05e61d9b2c5849c5dfc35e9bf533c52ec57
SHA256 fd8a8fcf5c1d869864145fbbed7c2dabadd368e4e5b755821ffc4812c0eacf9f
SHA512 5c2a6552501bd73041d8210c68b9a00f960448a6423a183d6b99b7ab40016c916a27f12f7f959b180de4227471a23b19bd977059e0065e987b8012928e042d44

\Program Files\Microsoft Games\SpiderSolitaire\vSpiderSolitaire.exe

MD5 53534f0bc0beffd60fc13864b3034984
SHA1 1e2d356735a050519e86c13f3ce9479f9ab91d1f
SHA256 59ac7a6bec0c00352fd321d7375e143db940a77c4e1cade30eb9a6d38b6355f5
SHA512 91b1e38d87a88979d48d3a16ef573265b0e59af20acdc1e80ce3a8dba3c4b8af08f9b952281572058f553c1e3c93e1c7c0eb1b473fd406956b27aafadd201461

\Program Files\Microsoft Games\Purble Place\vPurblePlace.exe

MD5 eb596e72f63b7c31be8df75fa8829b3f
SHA1 3ef9b9128e2b3108b77ccd493716f76595141724
SHA256 e10f315021eef7585b086547741c3b78da85e1220c161a063fe0126b17938112
SHA512 d296f90a0d547db202f985738d81d2a6f37a440e7229707730ecc1dac97bacc3e62ca809819cae50ae30fb8d30176ea0d14bbb8c6656505430f83429cd543d50

\Program Files\Mozilla Firefox\vcrashreporter.exe

MD5 73603c36b4d1522c3402d67ecf657312
SHA1 6a964ae5d681455c320ea0f8611b79a99a35b283
SHA256 7fb934da4bebc1cb81c3e9f5be4dbb3e43aa8098b6e63f5e0b97b3cc105830b4
SHA512 5fdc5f8ab72bd05ebea6068c896a7805211a9bdccf0167f48ac456a1e4283b59001e588d7349e34f8511fa297f98af8d5140c883e6d4a192af8d350a433c0238

F:\autorun.inf

MD5 5513829683bff23161ca7d8595c25c72
SHA1 9961b65bbd3bac109dddd3a161fc30650e8a7096
SHA256 94e323bd9071db7369ade16f45454e7a0dbfb6a39efddc1234c4719d1f7ee4c2
SHA512 308c84446106cda0a71e37b0de46aaf4b7361f9ddcc3c4c29f8e87da8acb606525dce8a42caf9d74e708c56b31c524f9535a2f5f4757c6c357401da1c495ddb6

\Program Files\VideoLAN\VLC\vuninstall.exe

MD5 cf93bcbabd558cf3a4643084ec339248
SHA1 b1157a1a90ae5681bf9b1bc91a76a02bcb7c0358
SHA256 9688e690947d9e5fa9d0f871c39742e29ef14f391d9301fc82c6eb7f7534f916
SHA512 e3b9b2065db071e862d3af20dc2ac995a4dce01c60b148395887ef530acdd0668f64fa5d5a6d40adf0e6f850a4c4251bf74382bfde9ed8ee51b9645ae635bb34

\Program Files\Microsoft Office\Office14\vMSOHTMED.EXE

MD5 78e89dc545e6374c4e6c09c1d3ce0466
SHA1 bcbfe02e7fed041894db6404e60690d02301b763
SHA256 fabc7c12fd6523338f8adb3fefcaed7f213afe95e784ef36ecdf42da67421ab1
SHA512 6f4dbd49e79c5e540ea9b35e4acbcaf7c294781691ee4681580048aa75671d9d3f48c4d474ec834d9c193d2c597302554a6ce6c10651a4cc9d11db284b0884f8

memory/1352-333-0x00000000001C0000-0x00000000001C1000-memory.dmp

memory/1352-332-0x0000000000400000-0x00000000004DB000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-23 10:46

Reported

2024-10-23 10:48

Platform

win10v2004-20241007-en

Max time kernel

110s

Max time network

109s

Command Line

"C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe"

Signatures

Detects Renamer worm.

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Renamer, Grenam

worm renamer

Drops startup file

Description Indicator Process Target
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Paint.lnk C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk-1.8\bin\vjinfo.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\vCLVIEW.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\vaccicons.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\misc.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jconsole.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Mozilla Firefox\crashreporter.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\7-Zip\vUninstall.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javapackager.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\jre\bin\vjabswitch.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\createdump.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vjabswitch.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vjar.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\vjcmd.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\CLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\vFLTLDR.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Windows Security\BrowserCore\BrowserCore.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\chrome_proxy.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\vjabswitch.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\Office16\vCLVIEW.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\uk-UA\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javac.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\vidlj.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vjcmd.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-040C-1000-0000000FF1CE}\misc.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\vmisc.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\extcheck.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\vSmartTagInstall.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\vSQLDumper.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-006E-0409-1000-0000000FF1CE}\vmisc.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\vmisc.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Google\Chrome\Application\vchrome.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Common Files\microsoft shared\OFFICE16\vLICLUA.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\velevation_service.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\javadoc.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vjavap.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\javaws.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Source Engine\OSE.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\vnotification_helper.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\Source Engine\vOSE.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\vcreatedump.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\vjavafxpackager.ico C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\vjavaws.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File opened for modification C:\Program Files\Java\jdk-1.8\bin\jdb.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A
File created C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\bfsvc.exe C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe

"C:\Users\Admin\AppData\Local\Temp\857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7dbN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 104.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 73.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 138.201.86.20.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 79.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

memory/4644-0-0x0000000002380000-0x0000000002381000-memory.dmp

C:\Program Files\7-Zip\7z.exe

MD5 0051678c4dbd4fc47874f4b707503780
SHA1 e5c65b6760840653bcd97ad87d35debdcf083969
SHA256 857ecbc9d9801c1bae8ea9cb436181bed47659bc176620d7e84c2a063cc6e7db
SHA512 ab78d093408b28fdac13a3c4c5387e2e1c9fdad4dd522624b9c4a66f8ec64b86068a308f9b0fcb060b2fc0cd51cae3c874dd0f86501f43f18a3e19078dd5a439

C:\Program Files\Java\jdk-1.8\bin\vjavaws.ico

MD5 38b41d03e9dfcbbd08210c5f0b50ba71
SHA1 2fbfde75ce9fe8423d8e7720bf7408cedcb57a70
SHA256 611f2cb2e03bd8dbcb584cd0a1c48accfba072dd3fc4e6d3144e2062553637f5
SHA512 ec97556b6ff6023d9e6302ba586ef27b1b54fbf7e8ac04ff318aa4694f13ad343049210ef17b7b603963984c1340589665d67d9c65fec0f91053ff43b1401ba9

C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-001F-0C0A-1000-0000000FF1CE}\vmisc.ico

MD5 fc27f73816c9f640d800cdc1c9294751
SHA1 e6c3d8835d1de4e9606e5588e741cd1be27398f6
SHA256 3cc5043caa157e5f9b1870527b8c323850bdae1e58d6760e4e895d2ab8a35a05
SHA512 9e36b96acc97bc7cd45e67a47f1ae7ab7d3818cc2fdaad147524ce9e4baedfaac9cd012923ec65db763bfd850c65b497376bb0694508bee59747f97bf1591fd4

C:\Program Files\Microsoft Office 15\ClientX64\vIntegratedOffice.ico

MD5 3ea9bcbc01e1a652de5a6fc291a66d1a
SHA1 aee490d53ee201879dff37503a0796c77642a792
SHA256 a058bfd185fe714927e15642004866449bce425d34292a08af56d66cf03ebe6c
SHA512 7c740132f026341770b6a20575786da581d8a31850d0d680978a00cc4dfca1e848ef9cdc32e51bae680ea13f6cc0d7324c38765cb4e26dcb2e423aced7da0501

F:\autorun.inf

MD5 5513829683bff23161ca7d8595c25c72
SHA1 9961b65bbd3bac109dddd3a161fc30650e8a7096
SHA256 94e323bd9071db7369ade16f45454e7a0dbfb6a39efddc1234c4719d1f7ee4c2
SHA512 308c84446106cda0a71e37b0de46aaf4b7361f9ddcc3c4c29f8e87da8acb606525dce8a42caf9d74e708c56b31c524f9535a2f5f4757c6c357401da1c495ddb6

memory/4644-275-0x0000000002380000-0x0000000002381000-memory.dmp

memory/4644-274-0x0000000000400000-0x00000000004DB000-memory.dmp