Malware Analysis Report

2024-12-07 10:21

Sample ID 241113-cetktsvbnb
Target 6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe
SHA256 6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview
  MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
  Detonation Overview
  Signatures
Analysis: behavioral1
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files
Analysis: behavioral2
  Detonation Overview
  Command Line
  Signatures
  Processes
  Network
  Files

Analysis Overview

score
9/10

SHA256

6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3

Threat Level: Likely malicious

The file 6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2703) files with added filename extension

Renames multiple (3750) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 01:59

Signatures

UPX packed file

upx

Unsigned PE


Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 01:59

Reported

2024-11-13 02:01

Platform

win7-20240903-en

Max time kernel

119s

Max time network

119s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe"

Signatures

Renames multiple (2703) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe

"C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe"

Network

N/A

Files

memory/1976-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

MD5 be2b93aee5e9e185f1aa684eee97f66b
SHA1 a4b16e9e4ddfd9e3dc05074cb4c6b6f8c19cd9d6
SHA256 807f76a08a0f50dfc018c2aba8427fac936fc01f3e4357b102e40802d2aec3cd
SHA512 884301916d8fcd0652c5b79be972b8c2efaff2cd97ba31bdfee40bcf7c300553f28e9f06e4474879fd795780d5a00616a5b8972b8b8a92ac87f3381cabdd44f9

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 937c1407657d7293fc2ad3b3b830295f
SHA1 9f93b3696db5f16d1a66666c7ac948eddddf7aa4
SHA256 714697d9a057b27e5743e6c5b7cf17eadfa89f5bde1828975a6faa1f6818831e
SHA512 5ae0c54ea99df713439ebdf771e4c595a93eb3021b0160aea96e172e46d3876d7951eccc4f5b14ac1135590ab5a09304faafb8f11aab94ee2a2db623d06bbb14

memory/1976-72-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 01:59

Reported

2024-11-13 02:01

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

96s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe"

Signatures

Renames multiple (3750) files with added filename extension

ransomware

UPX packed file

upx

Drops file in Program Files directory


System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe

"C:\Users\Admin\AppData\Local\Temp\6b287d872a3bf5062542b4ba4e90bed795f7f12475e89edc887d9d941f8fa4f3.exe"

Network

Country Destination Domain Proto

Files

memory/4144-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

MD5 4e046796ea99e1857558ff57df1d4cad
SHA1 86ee13e4868ece14e586fd1c6f852b0b7564a244
SHA256 e2e832022358ea52ce7239f4c24f62d88535de9271ca38b58cf7be30c5631cbc
SHA512 596fb79da03fe928b04bd606c31e60f5baf87169557e38634170264690e794d9bca53b505ad9073a07533cbab0591dd3926ca85b69bfe04555f4ebb1bd07f7f7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 30590fdac919823493a1b15a004fdd2f
SHA1 f09cf5e3da1b35e6a56d38dea9e8b183e91b63b0
SHA256 02e7b8a9352f7256183f43798fcd971e67fabdb018d416f68c58ad317d38c280
SHA512 f3bbb1efa42dddfb145da073dbfc4e379670676d1b882cc2900871962e0143a849a4a3a54431658616fd5c78c94fd277aa3165aa37b6dd906b22ff8c63bbdf37

memory/4144-652-0x0000000000400000-0x000000000040B000-memory.dmp