Malware Analysis Report

2024-12-07 10:16

Sample ID 241112-n31vlasckm
Target 6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe
SHA256 7835bfa9fe4ccf19b768a291997a6b9413351a7890ed80f2a3fb631719c45a75
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

7835bfa9fe4ccf19b768a291997a6b9413351a7890ed80f2a3fb631719c45a75

Threat Level: Likely malicious

The file 6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple (2721) files with added filename extension

Renames multiple (3819) files with added filename extension

UPX packed file

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Unsigned PE

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-12 11:56

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 11:56

Reported

2024-11-12 11:58

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe"

Signatures

Renames multiple (2721) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe

"C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe"

Network

N/A

Files

memory/2396-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp

MD5 0a1bacf33ab3972c104355d2dec4eb94
SHA1 8ceb8155bcf5e93db5ff210f85a7d0111ec85af2
SHA256 42a63c21505319544afd05a89589e3605896032759a0bb30ce7f7723ea6467c9
SHA512 0050021e57226347330b648b931ae83144c4b1618d623cb51044c40b5f287e8ecf9f3d806650998379ede313673dcd0b5f8a464bca2a5c411aa878da16a03b8d

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 7e0aa6f47536cd253d080598c5a00418
SHA1 c955a5cb94cf161b65248f672ce1a9b1adc296d4
SHA256 cee99b6d44a1395b58d2a032a4584eb25b89bab264ecdc85287f6da8cd547e93
SHA512 9dc8454a9d4596e33db708f1806404cd15e6592068767ae1c471773d4285c87a6af037f45c136d3ba1212b10e099bb602b399eeee81895c36fb4c2e955554f48

memory/2396-62-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 11:56

Reported

2024-11-12 11:58

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

97s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe"

Signatures

Renames multiple (3819) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe

"C:\Users\Admin\AppData\Local\Temp\6b75d2b28f07b263295e7980031d84adf2a4a227de62307785c998cd44c5d686N.exe"

Network

Country Destination Domain Proto

Files

memory/4764-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

MD5 6f4fdb05eae9a2cb83e057c8e8f9156e
SHA1 827212e28a4078f3358f573085f862751c69c51a
SHA256 1e8db260917e9b894868d7990f60be662b261948622923d4d5b961e5d108f8e4
SHA512 1efa3a971035578426995c6a543273d392a0d4960d7997eb4bc246550e35a018bb0dfa3f71266cb3f3b48dcd9eadef109f0076b460b6fdac1582b8e814d0188d

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 e2ab51c01e719195fcaf8165fed55c93
SHA1 ab6bd36dc4d7c3fb33db231acd6f5f10829271a8
SHA256 4e99fc72903a58deca03332e336da44a372fd76f026baecf699bba3937a0818a
SHA512 427ddb7340d60e08fc71c60aa0ef2b9aa245bddd037ebe1dd36e6020b1abc924b18d90717a7727f6f1fda39f1098627cd0c07fd8ca0d016ff9b9f30f1b8a0063

memory/4764-648-0x0000000000400000-0x000000000040B000-memory.dmp