Malware Analysis Report

2024-12-07 10:16

Sample ID 241112-qkzkxswqek
Target daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N
SHA256 daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654
Tags discovery ransomware
Score 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

Score 9/10

SHA256 daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654

Threat Level: Likely malicious

The file daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware

Renames multiple (4169) files with added filename extension (behavioral2, win10v2004-20241007-en)

Renames multiple (2875) files with added filename extension (behavioral1, win7-20240903-en)

Drops file in Program Files directory (both runs write <original name>.tmp next to existing files under C:\Program Files)

System Location Discovery: System Language Discovery (both runs open HKLM\SYSTEM\ControlSet001\Control\NLS\Language; on its own this is a weak indicator, since locale-aware benign software reads the same key, but paired with mass renaming it fits ransomware that checks the system language before encrypting)

Unsigned PE (static1: the executable carries no Authenticode signature)

MITRE ATT&CK

Enterprise Matrix V15

Discovery: System Location Discovery: System Language Discovery (T1614.001). Both behavioral runs open HKLM\SYSTEM\ControlSet001\Control\NLS\Language, which is the behaviour this technique covers; T1614.001 is the Enterprise Matrix V15 identifier for the signature name used in this report.

Analysis: static1

Detonation Overview

Reported

2024-11-12 13:19

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-12 13:19

Reported

2024-11-12 13:21

Platform

win7-20240903-en

Max time kernel

120s

Max time network

121s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe"

Signatures

Renames multiple (2875) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Belize.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-uihandler.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\bin\dtplugin\deployJava1.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Mozilla Firefox\ucrtbase.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\shvlzm.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\bin\jp2iexp.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Chuuk.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Brisbane.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\7-Zip\Uninstall.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.views.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\bin\gstreamer-lite.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Windows.Presentation.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Europe\Malta.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\7-Zip\Lang\el.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.el_2.2.0.v201303151357.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-favorites.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-javahelp.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-openide-windows.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Porto_Velho.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Mozilla Firefox\omni.ja.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\System\msadc\msadce.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Mozilla Firefox\msvcp140.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\System.Printing.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Saipan.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\DVD Maker\rtstreamsink.ax.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\VERSION.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark_win.css.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Etc\GMT-3.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\asl-v20.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.jarprocessor.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe

"C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe"

Network

N/A

Files

C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

MD5 afb4cac30a80d120195e1b039063a13e
SHA1 f1f7d71700641bce2a4acdd9746b58e8ed256b0f
SHA256 3dd91a4f21d2988cc03707c25fc4de6ea3cba47ce614a84c58b2ad8ed9b1e2f6
SHA512 33985e1ea050eb2e449f7a26c67327081c4bd9872e3e5665a1180f83713772e0d2ed961742bdb4c51c69063a9606a31fd0f4b7832b23a92722ae4ba00add0746

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 b71e988f4007a44ab9fbd7076ad9571f
SHA1 d0ae38b661ccd14cd83475f3bfdceb08890f7f27
SHA256 87f9544b7788a6b8556900f5ee56312ca8e65725a3f0c66e81d3d61ae93d9f1b
SHA512 09fd5e51441e86c1a09d69a04fadcfb63099c0c59b7c7d7c043cb5a28525387ce892242dda559d13a57e6bcc31f6f8f605697d9919b27281d3c272a1e2e2bd6b

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-12 13:19

Reported

2024-11-12 13:21

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe"

Signatures

Renames multiple (4169) files with added filename extension

ransomware

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationClientSideProviders.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\bin\klist.exe.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\unlimited\US_export_policy.jar.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre-1.8\legal\jdk\freebxml.md.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\officeinventoryagentfallback.xml.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\Microsoft.NETCore.App.deps.json.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Text.Encoding.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\ReachFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Subscription-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Word2019VL_KMS_Client_AE-ul.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\DataStreamerLibrary.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\mscorlib.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.XPath.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Trial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Linq.Expressions.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hant\WindowsBase.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Grace-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\7-Zip\Lang\uk.txt.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\legal\javafx\libxslt.md.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\7-Zip\7-zip32.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription3-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Xml.XPath.XDocument.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\javaws.policy.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_COL.HXC.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_O16EnterpriseVL_Bypass30-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\Services\verisign.bmp.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Security.Cryptography.X509Certificates.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Client\concrt140.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Retail-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\PresentationCore.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\ssv.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_OEM_Perp-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clretwrc.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\UIAutomationProvider.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\VisualElements\Logo.png.tmp C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe N/A
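The three behavioural signatures in behavioral1 and behavioral2 (mass renaming with an added extension, writes into Program Files, and the NLS\Language read) are each derivable from the raw "Description Indicator Process Target" rows above. The script below is an added example, not the sandbox's own detection code: it parses rows in that layout, counts files gaining the same appended suffix per process, checks for Program Files targets and for the language key, and emits the same signature strings. The burst threshold, the row() helper and the scratch.txt row are assumptions made for the constructed input; the other paths are copied from this report.

```python
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Process column exactly as it appears in the report's behavioral runs.
SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe")

# Assumption: the sandbox's real burst threshold is not published; this value is
# chosen to suit the small constructed sample below, not taken from the report.
RENAME_BURST_THRESHOLD = 5

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class FileEvent:
    action: str    # "File created", "Key opened", ...
    path: str      # Indicator column (file path or registry key)
    process: str   # Process column
    target: str    # Target column ("N/A" throughout this report)


def parse_event(line: str) -> FileEvent:
    """Parse one 'Description Indicator Process Target' row.

    Assumes, as holds for every row in this report, that the Process and Target
    columns contain no spaces; the Indicator path may (C:\\Program Files\\...).
    """
    head, process, target = line.rstrip().rsplit(maxsplit=2)
    verb, obj, path = head.split(maxsplit=2)
    return FileEvent(f"{verb} {obj}", path, process, target)


def appended_suffix(path: str) -> Optional[str]:
    """Return the added extension when the name looks like <name>.<ext>.<added>.

    'Uninstall.exe.tmp' -> 'tmp', 'desktop.ini.tmp' -> 'tmp'. 'Paris.tmp' gives
    None because the original 'Paris' had no extension to stack on; a sandbox
    that records rename (old name -> new name) events does not have this blind spot.
    """
    parts = path.rsplit("\\", 1)[-1].split(".")
    if len(parts) < 3 or not all(parts[-2:]):
        return None
    return parts[-1].lower()


def in_program_files(path: str) -> bool:
    return path.lower().startswith(PROGRAM_FILES_PREFIXES)


def analyse(lines, threshold: int = RENAME_BURST_THRESHOLD) -> dict:
    """Re-derive the report's three behavioural signatures from raw event rows."""
    events = [parse_event(line) for line in lines if line.strip()]
    created = [e for e in events if e.action == "File created"]

    # One counter per (process, appended suffix): a mass-rename burst is many
    # files from one process all gaining the same new suffix.
    bursts = Counter(
        (e.process, suffix) for e in created
        if (suffix := appended_suffix(e.path)) is not None
    )
    pf_drops = Counter(e.process for e in created if in_program_files(e.path))
    language_check = any(
        e.action == "Key opened"
        and e.path.lower().endswith("\\control\\nls\\language")
        for e in events
    )

    signatures = []
    for (process, suffix), n in bursts.items():
        if n >= threshold:
            signatures.append(
                f"Renames multiple ({n}) files with added filename extension .{suffix}")
    if pf_drops:
        signatures.append("Drops file in Program Files directory")
    if language_check:
        signatures.append("System Location Discovery: System Language Discovery")
    return {"signatures": signatures, "bursts": dict(bursts),
            "program_files_drops": dict(pf_drops)}


def row(action: str, path: str) -> str:
    """Build one report-style row for the constructed input (helper, not from the report)."""
    return f"{action} {path} {SAMPLE} N/A"


# Constructed input: the six Program Files rows and the $Recycle.Bin row are copied
# from this report; scratch.txt is a made-up benign write that must not count.
EVENTS = [
    row("File created", r"C:\Program Files\7-Zip\Uninstall.exe.tmp"),
    row("File created", r"C:\Program Files\Mozilla Firefox\omni.ja.tmp"),
    row("File created", r"C:\Program Files\Java\jre7\bin\rmiregistry.exe.tmp"),
    row("File created", r"C:\Program Files\Common Files\System\msadc\msadce.dll.tmp"),
    row("File created", r"C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins"
                        r"\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp"),
    row("File created", r"C:\Program Files\Java\jre7\lib\zi\Europe\Paris.tmp"),
    row("File created", r"C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000"
                        r"\desktop.ini.tmp"),
    row("File created", r"C:\Users\Admin\AppData\Local\Temp\scratch.txt"),
    row("Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"),
]

if __name__ == "__main__":
    for sig in analyse(EVENTS)["signatures"]:
        print(sig)
```

Run against the full row sets above, analyse() reproduces the per-run counts only approximately: rows such as Paris.tmp or GMT-3.tmp, where the original file had no extension, are invisible to the suffix heuristic, which is why the sandbox's own counter (2875 and 4169) is based on rename events rather than on created-file names alone.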

Processes

C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe

"C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 154.239.44.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 28.118.140.52.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.227.111.52.in-addr.arpa udp

The report attributes none of these rows to the sample's process, and every row is a reverse (PTR) lookup sent to 8.8.8.8 rather than a forward lookup of an attacker-controlled name; behavioral1 on win7 recorded no traffic at all. Treat this as background resolver activity of the win10v2004 image unless a capture ties it to the sample, and do not promote 8.8.8.8 or the queried addresses to indicators of compromise.

Files

C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

MD5 8ac9686e220d5da588bddccaad2fcb67
SHA1 06dac5654a037efb0893db301112287e67231b9b
SHA256 e4768023e6f49c0fdbbf95c418c9276a3a2f2c74b0b70b58ec3e7b6dfacd0ffe
SHA512 e3d9fcf303d7a93a59f89eb1103e6e202e3d57b47598ad360cdc75cc1032030b980e32efe8aaa6a3780334618eb50540947b51097fe224780ae51f744cc0c5a2

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 392553f26101d3499159714887e74746
SHA1 c43aedfec7eda06dfff69ac8f267c3f9c490d751
SHA256 946ae8170fb8acecf4e86468d2a1546d20000d712cef8673a221a06cbdecfdcf
SHA512 f6c5f884fcca9071ecf42f827efb4439cbc3c89a180666c76d1bc0a1d32069f61c69ffc4df630c41c04c39082e1daef927415769e8d5d66cbc1800557b2b4b76