Malware Analysis Report

2024-12-07 10:16

Sample ID 241112-m3738s1ekm
Target 98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe
SHA256 98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088

Threat Level: Likely malicious

The file 98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (4333) files with added filename extension

Renames multiple (329) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 11:00

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
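static1 records "UPX packed file" and "Unsigned PE" with no indicator rows. Both are cheap to confirm from the PE headers before detonating anything, and the check below is an added example (not part of this report or of the sandbox) that reads the section table for the UPX0/UPX1 names the UPX stub leaves behind and the optional header's security data directory, whose absence is what "Unsigned PE" means in practice. The sample itself is not on the page, so `build_minimal_pe` constructs an in-memory PE32 skeleton with chosen section names for the demonstration; the function names, the skeleton and the secondary `UPX!` marker scan are my choices, not anything the report shows.

```python
import struct
import sys

PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
SECURITY_DIR_INDEX = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: the Authenticode certificate table


def _headers(data):
    """Locate the optional header and section table of a PE image.

    Returns (opt_off, opt_size, nsec, sec_off). Raises ValueError if the
    MZ/PE signatures are missing; struct.error if the file is truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    nsec = struct.unpack_from("<H", data, coff_off + 2)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff_off + 16)[0]  # SizeOfOptionalHeader
    opt_off = coff_off + 20
    return opt_off, opt_size, nsec, opt_off + opt_size


def section_names(data):
    """Names from the section table; UPX replaces them with UPX0/UPX1 (and UPX2)."""
    _, _, nsec, sec_off = _headers(data)
    names = []
    for i in range(nsec):
        raw = data[sec_off + 40 * i: sec_off + 40 * i + 8]
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Heuristic: UPX-named sections, or the 'UPX!' magic UPX writes into the
    packed file. Renamed sections defeat it, so a hit is a lead, not proof."""
    return any(n.startswith("UPX") for n in section_names(data)) or b"UPX!" in data


def has_security_directory(data):
    """True if the optional header points at a certificate table. Its absence
    is an unsigned PE; its presence only means a signature blob exists, not
    that it verifies or chains to a trusted root."""
    opt_off, opt_size, _, _ = _headers(data)
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dd_base = opt_off + (96 if magic == PE32_MAGIC else 112)  # start of DataDirectory[]
    entry = dd_base + 8 * SECURITY_DIR_INDEX
    if entry + 8 > opt_off + opt_size:
        return False  # optional header too short to carry the entry
    file_offset, size = struct.unpack_from("<II", data, entry)
    return file_offset != 0 and size != 0


def build_minimal_pe(names, signed=False):
    """Constructed sample: a non-loadable PE32 skeleton with the given section
    names, used here only because the real sample is not on the page."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew
    opt = bytearray(0xE0)                            # PE32 optional header size
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    if signed:  # pretend a 0x1000-byte certificate table sits at file offset 0x2000
        struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR_INDEX, 0x2000, 0x1000)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, len(opt), 0x0102)
    secs = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\x00"), *([0] * 9))
        for n in names)
    return bytes(dos) + b"PE\x00\x00" + coff + bytes(opt) + secs


if __name__ == "__main__":
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_minimal_pe(["UPX0", "UPX1", ".rsrc"]))
    print("sections:", section_names(blob))
    print("upx heuristic:", looks_upx_packed(blob))
    print("certificate table present:", has_security_directory(blob))
```

Run it with a file path to print the verdicts for a real binary, or without arguments to see it on the constructed skeleton. Neither check says anything about what the code does: unpacking (UPX's own `-d` usually works on an unmodified stub) and a real Authenticode verification are the next steps, not this one.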

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 11:00

Reported

2024-11-12 11:02

Platform

win7-20241010-en

Max time kernel

120s

Max time network

19s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe"

Signatures

Renames multiple (329) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\ado\adovbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\Lang\fur.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\Lang\hu.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadcs.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\readme.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\7z.sfx.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\Lang\cs.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\Lang\ro.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\ado\msado20.tlb.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
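The "Renames multiple (N) files with added filename extension" signature is the strongest ransomware indicator in this report, and every row in the table above is an existing file name with `.tmp` appended. The following is an added example, not part of the sandbox output, of a detection that applies the same heuristic to a feed of file events: it counts files whose new name is an ordinary extension plus one more appended extension and raises when a single appended extension crosses a threshold. The `(kind, path)` event shape, the `SAMPLE_EVENTS` list (five paths copied from this report plus two constructed benign entries), the function names and the default threshold are all assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed event feed. The (kind, path) shape is an assumption about the
# EDR or sandbox source. The first five paths are copied from this report's
# "Drops file in Program Files directory" and "Files" tables; the last two are
# constructed benign entries that must not be counted.
SAMPLE_EVENTS = [
    ("FileCreate", r"C:\Program Files\7-Zip\readme.txt.tmp"),
    ("FileCreate", r"C:\Program Files\7-Zip\7z.sfx.tmp"),
    ("FileCreate", r"C:\Program Files\Common Files\System\ado\adovbs.inc.tmp"),
    ("FileCreate", r"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak.tmp"),
    ("FileRename", r"C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp"),
    ("FileCreate", r"C:\Users\Admin\AppData\Local\Temp\installer_log.txt"),  # single extension
    ("FileCreate", r"C:\Windows\Temp\cab1234.tmp"),                           # plain .tmp, no original name
]

# "<name>.<original ext>.<added ext>": a short ordinary extension followed by one more.
DOUBLE_EXT = re.compile(
    r"^(?P<orig>.+\.[A-Za-z0-9]{1,5})\.(?P<added>[A-Za-z0-9_-]{1,10})$")

COUNTED_KINDS = {"FileCreate", "FileRename"}


def basename(path):
    """Last path component, accepting both Windows and POSIX separators."""
    return re.split(r"[\\/]", path)[-1]


def appended_extension_stats(events):
    """Count events whose file name is an existing name plus an appended extension.

    Returns (Counter keyed by the appended extension,
             dict mapping appended extension -> list of the original names)."""
    counts = Counter()
    originals = defaultdict(list)
    for kind, path in events:
        if kind not in COUNTED_KINDS:
            continue
        m = DOUBLE_EXT.match(basename(path))
        if not m:
            continue
        added = m["added"].lower()
        counts[added] += 1
        originals[added].append(m["orig"])
    return counts, originals


def flag_mass_extension_append(events, threshold=50):
    """Appended extensions seen on at least `threshold` files.

    The sandbox reported 329 and 4333 hits for this sample; 50 is an assumed
    default, low enough to fire early and high enough that an installer
    writing a handful of .bak or .tmp copies does not trip it."""
    counts, _ = appended_extension_stats(events)
    return {ext: n for ext, n in counts.items() if n >= threshold}
```

The originals list is worth keeping alongside the count: in an incident it is the first inventory of what was touched, and grouping by appended extension separates an encryptor's single suffix from an installer that legitimately leaves `.bak` copies next to a few files.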

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe

"C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe"

Network

N/A

Files

memory/1580-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

MD5 221775d7762873dd02b2939ac03f193a
SHA1 db4c5ba4f810c1db490b42345ab1993033e78680
SHA256 dc4558dc18f5ed4303ea52b5dd3842dcdb159027502218c0a916ed48ce308d70
SHA512 26628e17a3d47eced03c4af44d5387d7791bb1530982bc3cd5d3d4e74d748f4dfdf1a1e6b92808ba1f211a3bb49d0725b7cb93ec4cd4c3cfcc2b4b40a7024c44

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 4a4db0c5e42983893a0eb4776ea1dc37
SHA1 2d26ab6dffd917e3361309b315efd2c3cb818584
SHA256 2f0cf916fd604c9001d892423ed4800ccdd5a030102a588cf6c161978e4a6e38
SHA512 07f7207c90afdf0486b443b9ac661b5548f20c0283e5ea1bae60be8aca41c872c0ee8f10155cdf991406be17a17d04232e5c5a67a5af741802a82c76b0f0c440

memory/1580-26-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 11:00

Reported

2024-11-12 11:02

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe"

Signatures

Renames multiple (4333) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\deploy\messages_sv.properties.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp4-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdXC2RVL_MAKC2R-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\vcruntime140.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\Lang\fy.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\Accessibility.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\TrebuchetMs.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp5-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\7-Zip\Lang\lij.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Collections.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-process-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_KMS_Client_AE-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Threading.Channels.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Slipstream.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019MSDNR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l2-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Reflection.DispatchProxy.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Aero2.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\DirectWriteForwarder.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\ur.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\server\Xusage.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.ObjectModel.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\mscorrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019R_Grace-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RIntLoc.en-us.16.msi.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStd2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Diagnostics.Contracts.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\es.pak.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\libpng.md.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Ion.thmx.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\ClientPreview_eula.txt.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\JAWTAccessBridge-64.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\OneNoteFreeR_Bypass-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\TelemetryLog.xltx.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\msvcr120.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.PowerBI.AdomdDataExtension.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Claims.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Intrinsics.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Text.Encoding.CodePages.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-runtime-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_KMS_Client_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Professional2019R_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\hwrdeulm.dat.tmp C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe

"C:\Users\Admin\AppData\Local\Temp\98b0e2f87106150efbf500539e8be32607a51e316a842fb8e336e037f6f00088.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 73.209.201.84.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
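Every row in this Network table is a reverse (PTR) query to 8.8.8.8: the names end in `in-addr.arpa`, and no forward lookup or direct connection is recorded. The table does not say whether the sample or the platform issued them, so the useful thing to extract is the set of addresses being reverse-mapped. The helper below is an added example, not part of the report, that parses rows in this table's layout, decodes `in-addr.arpa` and `ip6.arpa` names back to the address they ask about, and separates them from forward lookups. `SAMPLE_NETWORK_ROWS` copies four rows from the table above and adds one constructed forward lookup; the row format and function names are assumptions.

```python
import ipaddress
import re

# Four rows copied from the behavioral2 Network table of this report, plus one
# constructed forward lookup (not in the report) so both kinds are present.
SAMPLE_NETWORK_ROWS = [
    "US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp",
    "US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp",
    "US 8.8.8.8:53 105.209.201.84.in-addr.arpa udp",
    "US 8.8.8.8:53 136.32.126.40.in-addr.arpa udp",
    "US 8.8.8.8:53 example.invalid udp",  # constructed, not in the report
]

# "<country> <ip>:<port> <queried name> <proto>", the layout of the table above.
ROW = re.compile(
    r"^(?P<cc>\S+)\s+(?P<dst>\S+):(?P<port>\d+)\s+(?P<name>\S+)\s+(?P<proto>\S+)$")


def ptr_name_to_ip(name):
    """Decode a reverse-lookup name to the address it asks about.

    in-addr.arpa carries the four octets reversed; ip6.arpa carries the 32
    nibbles reversed. Returns None for anything that is not a reverse name."""
    n = name.rstrip(".").lower()
    try:
        if n.endswith(".in-addr.arpa"):
            octets = n[: -len(".in-addr.arpa")].split(".")
            if len(octets) == 4:
                return str(ipaddress.IPv4Address(".".join(reversed(octets))))
        elif n.endswith(".ip6.arpa"):
            nibbles = n[: -len(".ip6.arpa")].split(".")
            if len(nibbles) == 32:
                return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    except ValueError:
        return None  # malformed octet or nibble: not a usable reverse name
    return None


def classify_dns_rows(rows):
    """One dict per parseable row, tagged PTR (with the decoded target) or forward."""
    out = []
    for row in rows:
        m = ROW.match(row.strip())
        if not m:
            continue  # header line or unrelated text
        target = ptr_name_to_ip(m["name"])
        out.append({
            "resolver": m["dst"],
            "proto": m["proto"],
            "query": m["name"],
            "kind": "PTR" if target else "forward",
            "target": target,
        })
    return out


def reverse_lookup_targets(rows):
    """Distinct addresses that were reverse-mapped, sorted numerically."""
    targets = {r["target"] for r in classify_dns_rows(rows) if r["kind"] == "PTR"}
    return sorted(targets, key=lambda t: (ipaddress.ip_address(t).version,
                                          ipaddress.ip_address(t)))
```

The decoded addresses are what to pivot on (WHOIS, passive DNS, the sandbox's own network captures), not the `in-addr.arpa` strings; a reverse query for an address is not evidence of a connection to it, so treat the list as a set of leads to check against the process's actual sockets.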

Files

memory/3140-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 83fab146995d9dc4079db9c183e6714b
SHA1 f76413b0c45b0119f1111909b2bf78a179bb2a15
SHA256 de0fe46801b1ef42b7b0bcd2684a536fa15cdcf6a0e19efc69f7c92b73bb607e
SHA512 3ce6ba09ea2beb24ed2301db8d99bcf1685034e20d3da5608db4a86a8818df00e9c0e0d3a4dda621ff4e7c73f89bc8bbd1e661dc5542ff372235905206568759

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 9ae8393a01bd8a870435603446a970c7
SHA1 365bad6e0a8f8aefb15af79507edb433b0522bb0
SHA256 6bc8a366bc2751e5ffe991dd3a5d37e399ae8ae596ae3487fe6131caa342f1e4
SHA512 188859aa22c459d34216466706c175ad3d5d44572b1a92af2f1d2c8a1728208fcd8dae7be5a5ee882d6d7c0cfcf838da7a27c0cf8ccd53a918ec3fdf74cdf473

memory/3140-652-0x0000000000400000-0x000000000040B000-memory.dmp