Malware Analysis Report

2024-12-07 10:03

Sample ID 241113-3a5qeavjhn
Target 69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe
SHA256 69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37
Tags upx discovery ransomware
Score 9/10

Analysis Overview

Score 9/10

SHA256 69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37

Threat Level: Likely malicious

The file 69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2911) files with added filename extension

Renames multiple (4581) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 23:19

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 23:19

Reported

2024-11-13 23:21

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe"

Signatures

Renames multiple (2911) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe

"C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe"

Network

N/A

Files

memory/2500-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 246f691db55fb3cb1684fe5183411f38
SHA1 bc6ed2cd14365c2fbfb5a0fdb53e19b1ebdef8de
SHA256 4dabac4fc89b55b55e4a949ca6faa0455fafe0f0ac359ab1f45383caf6108022
SHA512 2995cbc0b7cb27c8e288fcc11591e7341efd4718be60f9ea70ebe1d466e018ef7291517ad7b550894eefcc454a9ded0b9289f4aa102cedf778efc4dd176670ef

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 626d6227ac6118c291c5cbde0823cc66
SHA1 a60dc955c97c56a4e4f4aaddbdf9078f1b6b5790
SHA256 b0a9f6f60387e63053ffeea6d189b0fdf5f60ba28edd1114457acfed8557c5d3
SHA512 6f0303734549e7fe7f834bb4c69919821c80fdc451df60fe9d09b727e066ba9d0dcfda6025db33f53c09064f9746917b93e023fbed0e2aaa9ec081e5a8c4c850

memory/2500-68-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 23:19

Reported

2024-11-13 23:21

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

93s

Command Line

"C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe"

Signatures

Renames multiple (4581) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe

"C:\Users\Admin\AppData\Local\Temp\69a1e7cfb7e85a27661aa01a24165a7adb75c3512ab97d51ff0333b67e875a37.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 73.31.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 149.220.183.52.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 50.23.12.20.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 107.12.20.2.in-addr.arpa udp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp

Files

memory/2856-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

MD5 b73936fd4594c6f7a223ce66ea403fc9
SHA1 859b8a7f1363e92d6c458e2cf116cd33f6a426f3
SHA256 61dcc91a888222d14793640857fea376b7ef884ebcc3cf6730affdd6fe3298b0
SHA512 6f71ec2efbe0494f6663b2ecd2973b88a9ac1fcd1b335dc911fc49e06556aa9d42bce9acfa1389bac6586b5fdc140269627260d1676af7334ccb57c3de99d186

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 54303f4092679069ca05a562fd090cd9
SHA1 7d5ea64c59c942856f14445e6d2fcb88662875c3
SHA256 42726b0b090de37d22b88ad39ef59c2e03c130f6c681f801e3276b9b98e33536
SHA512 a11a2ecebca45572803f429b3ed8c988abd2a8933ee8bedb3a3ba0d7d75c0f7ef4e868ebd105ff437a5825ec4a6a38ce525a648089b7273edf3fc348f8b4cb95

memory/2856-718-0x0000000000400000-0x000000000040B000-memory.dmp