Analysis Overview
SHA256
456a9f123240fde505023db7a296d9132239203f73aed4e8bb53ccc7f34d1f12
Threat Level: Shows suspicious behavior
The file 2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch was found to show suspicious behavior.
Malicious Activity Summary
Drops desktop.ini file(s)
UPX packed file
Drops file in Program Files directory
Unsigned PE
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-11-10 06:38
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 06:38
Reported
2024-11-10 06:41
Platform
win7-20241010-en
Max time kernel
117s
Max time network
119s
Command Line
Signatures
Drops desktop.ini file(s)
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.codec_1.6.0.v201305230611.jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre7\lib\zi\Africa\Lagos | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\postSigningData | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\9.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.zh_CN_5.5.0.165303.jar | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-io-ui.jar | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Chess\Chess.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libsubtitle_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\background.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Media Player\ja-JP\wmlaunch.exe.mui.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Windows.Presentation.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_olv.css.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Games\Multiplayer\Spades\it-IT\shvlzm.exe.mui | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.core.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Mozilla Firefox\private_browsing.VisualElementsManifest.xml | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libhttp_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Photo Viewer\ImagingDevices.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\library.js.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\RepairEdit.wvx.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\lua\http\mobile_browse.html | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\skins\default.vlt | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\localizedStrings.js | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\settings.js.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker.nl_zh_4.4.0.v20140623020002.jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro_3.4.200.v20130326-1254.jar | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.equinox.nl_ja_4.4.0.v20140623020002.jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Media Player\ja-JP\wmpnssui.dll.mui | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\gadget.xml.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+5 | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.transport.ecf.nl_zh_4.4.0.v20140623020002.jar | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\dialdot_lrg.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\flower_settings.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Vladivostok | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jre7\lib\zi\Asia\Anadyr.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\vlc.exe.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\settings.css.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe"
Network
Files
memory/2136-0-0x0000000000400000-0x00000000005BA000-memory.dmp
C:\Program Files\7-Zip\7-zip32.dll.exe
| Hash | Value |
| --- | --- |
| MD5 | 02b54296468fa19bd7494e8f842f17c4 |
| SHA1 | 4b171d2f1929182ae1cdf88d3f345766fe69f4fa |
| SHA256 | 84c100c93cf5d83629db252f652803da651e9803bff6da63a313243b258a2893 |
| SHA512 | d83e97aa3d8da02bdf084df05f4af657d09f89664fa57c164f27659dc3ea85f9522736abc32c690bca06610882521a3040d0566d49bbed3efa443193a490ab5f |
memory/2136-1888-0x0000000000400000-0x00000000005BA000-memory.dmp
memory/2136-9242-0x0000000000400000-0x00000000005BA000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 06:38
Reported
2024-11-10 06:41
Platform
win10v2004-20241007-en
Max time kernel
93s
Max time network
148s
Command Line
Signatures
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\officons.ttf | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\jli.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-pl.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_2019.1111.2029.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ObjectModel.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\PresentationUI.resources.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jre-1.8\lib\security\trusted.libraries | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSplashScreen.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailLargeTile.scale-100.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookMedTile.scale-400.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreSmallTile.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Subscription-ppd.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\RICEPAPR\THMBNAIL.PNG.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\access\libdtv_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\Attribution\wdt.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\TriPeaks.Wide.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Smart Tag\METCONV.DLL.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Standard.targetsize-20_contrast-white.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\legal\jdk\lcms.md | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-64_altform-unplated.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\Timer3Sec.targetsize-24.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedAppList.scale-200.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\LTR\contrast-black\WideTile.scale-100.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\System.Windows.Forms.resources.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\24.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-80_altform-unplated_contrast-black.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\UIAutomationTypes.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_TeethSmile.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.Compression.Native.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-100.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\194.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\en-gb\locimages\offsymb.ttf.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-100.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\WindowsFormsIntegration.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.VisualStudio.Tools.Applications.Runtime.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\JumpListNotesList.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\fa.pak | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\CalculatorLargeTile.contrast-white_scale-125.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteNotebookMedTile.scale-400.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AlarmsSmallTile.contrast-white_scale-125.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Images\contrast-white\Settings.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_92.0.902.67_neutral__8wekyb3d8bbwe\AppxManifest.xml | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\bin\jcmd.exe.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\1033\MAPISHELLR.DLL.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-16_altform-unplated.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_11811.1001.18.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreWideTile.scale-200.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Java\jdk-1.8\legal\jdk\unicode.md | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\en-us\oregres.dll.mui | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Analysis Services\AS OLEDB\140\msolui.dll.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\VideoLAN\VLC\lua\playlist\twitch.luac.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\MicrosoftAccount.scale-140.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ppd.xrm-ms | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ul-oob.xrm-ms.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File opened for modification | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Cartridges\sql2000.xsl | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Wide310x150Logo.scale-200.png | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
| File created | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.targetsize-40.png.exe | C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-10_63d4a6c1fb6621ab57697a4a2e6dbbd7_snatch.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
Files
memory/2872-0-0x0000000000400000-0x00000000005BA000-memory.dmp
C:\Program Files\7-Zip\7-zip32.dll
| Hash | Value |
| --- | --- |
| MD5 | 0d4955f2044e23bc7e9a7bde813a2172 |
| SHA1 | df1461904e15f0ce8e151243711be9c567c7ed63 |
| SHA256 | d3750387f450698b5adb204fdd769fa529d8ccbd0873d0e6d3d5eb2e45fdfee8 |
| SHA512 | 5f12cfc4a28956dcb5228d3a7a0f4ddffb0c1901e9bfabd527e3759bf3a03a52a2f6069a433896d68c97f08e95fcde82a461ca95520343c7df803e86efc54edb |
memory/2872-1215-0x0000000000400000-0x00000000005BA000-memory.dmp
memory/2872-14143-0x0000000000400000-0x00000000005BA000-memory.dmp