Malware Analysis Report

2024-12-07 10:15

Sample ID 241112-m398la1ekn
Target 9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe
SHA256 9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03
Tags
upx discovery ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03

Threat Level: Likely malicious

The file 9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2857) files with added filename extension

Renames multiple (4179) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 11:00

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 11:00

Reported

2024-11-12 11:02

Platform

win7-20240903-en

Max time kernel

120s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe"

Signatures

Renames multiple (2857) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe

"C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe"

Network

N/A

Files

memory/1792-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 feb382229f169cd7532ed3ab889f0b0c
SHA1 735e309df88f1d28c6738ed117aceaa5cdfc8747
SHA256 2b609e6cb0befb61ecb8fcf9c3e7be18fdc180fbd50a96c9ad3fa2f5e722913b
SHA512 641e0c00ac183a08bd9a2d6bb12d7f3a83ae272e187bc6b4823b60c30403971535df45134843be21ecfc1cda13989c62931683bc3afdd39e084fb5d867e9a65a

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 45cff6a68d3ce6bbeb0ea9052f47b97b
SHA1 71d835421c5f076da76b3d054efc57223084d332
SHA256 c5de20e1557025b71778f01854b32fa760bec3de7a6e76bdeaef63bc6308baf5
SHA512 bff67f1a44152c739c50aa2b9437f03246d2ad8a104070a70da5f3043248e4d09f0592647bea773288fcdcd4890d7b2ab63a7f85bb01f80e6794e25aa624b03d

memory/1792-69-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 11:00

Reported

2024-11-12 11:02

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe"

Signatures

Renames multiple (4179) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe

"C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe"

Network


Files

memory/3312-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 781506288ef319d34c4ccd35b61d378a
SHA1 ceb6c756af63839416e78fa26a42f93f6b785fcb
SHA256 58534bf98f822331cb0e3566ae30d20668f9ba74c618a63111778cb9d0a40c07
SHA512 6a5d11f45020411897a09065e958e165dd6d9035df919047692563c6f4ecbbb07d94cb0720e81677ba93d2d9fac2f37e045ea50428208296d71ca538aa695687

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 d25ccb3527b01a573cf4459eba6d6f23
SHA1 b1f6b379905e119b726294e4ecbbd88ee999b192
SHA256 021a9f46b3fe47fa288674b9bf045d976039c4330b8f1dd57fcb7234191acfd0
SHA512 0b5d5653fa3a82d1a11fad28c8d023247045e20c63fa181adfb3953a26c973612a6493c52a23f54fa9566b4f00b07cc4c4d7c75d9ba88b44ad25ff91c5f45bfc

memory/3312-661-0x0000000000400000-0x000000000040A000-memory.dmp