Malware Analysis Report

2024-12-07 10:16

Sample ID 241112-1jsfbsvnhm
Target d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe
SHA256 d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693
Tags
upx discovery ransomware
score
9/10

Analysis Overview

score
9/10

SHA256

d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693

Threat Level: Likely malicious

The file d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4617) files with added filename extension

Renames multiple (3101) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 21:41

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 21:41

Reported

2024-11-12 21:43

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe"

Signatures

Renames multiple (3101) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe

"C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe"

Network

N/A

Files

memory/2368-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 7d5feb78b53bfead2a04247a357d86ec
SHA1 8bb935ab09033afdfe1b4a067f8efa8b36138782
SHA256 2fb6a9ffed81e1849d620f06aec32d278c4cdfa095317bbfb4c0e6e0adeb7157
SHA512 970aadaf4b4c1648e352e01d39fb98981c755d225493709f33ffbbd3926bcbf1c42947fcf6db10ca95e3fe1384d9c4a9b0c3f6c218c57ece4683aef0794dae23

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 46ca6d5fe38d740e734264a104c9f659
SHA1 50a2c4d6c85b749119785385c90d0df4ef0821a0
SHA256 417c15b056eaded58bbb8eab7f5a486d24b5f8ed8385982543a7435d8adbada5
SHA512 ea44015c3f88d02a847d5cf222b998d79eb1583a844fdfaab9d7531b6068aab2f4afc862cf3ee8a989cc1fd0d1046782fec1a9f3c6d9383ad807a67b54ffaf7e

memory/2368-70-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 21:41

Reported

2024-11-12 21:43

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe"

Signatures

Renames multiple (4617) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe

"C:\Users\Admin\AppData\Local\Temp\d5376ca1297b26b9e6b9231fa9df0b484dbae0aba54910e3677629232197e693.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp

Files

memory/2156-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 a960bc1b34bcf757cc8f2a4edec2f2ea
SHA1 12d7a05be7bf119748e3bbe64ed16c22dc11bf0c
SHA256 d7257fae95ca669afff73e653176b05bcaff58a7a244f3e742c2607b7a71d570
SHA512 9f0944828e9d14f26ffe098dee6968e18c78ebbe4b88a5e99d15f4f5fa3d19fb3dcf921474a247ea04f61a0f54887673ef4cc250013c47508e85c198ccf66293

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 3b1907e8777f7bac7ca0f7278085e35b
SHA1 b393ea21b1e424ae1a434d746e37d3f267ddf621
SHA256 bc5cca5006cd1144573c67bddca92309815bcc839a87d94d8224f2cb6597d5c7
SHA512 aad2d0c9dfcddb11154e0474f3d2bf83c470a2c2f60b3fa9110b3adce29a184dea097b268f43618193899616dd320b7c4a065cf94dae5505a9f77b73fc195a47

memory/2156-666-0x0000000000400000-0x000000000040B000-memory.dmp