Malware Analysis Report

2024-12-07 10:04

Sample ID: 241113-ddpqxsvhqk
Target: 7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe
SHA256: 7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0
Tags: upx, discovery, ransomware
Score: 9/10

Table of Contents

Analysis Overview
MITRE ATT&CK (Enterprise Matrix V15)
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score: 9/10
SHA256: 7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0
Threat Level: Likely malicious

The file 7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe was found to be Likely malicious.

Malicious Activity Summary

Tags: upx, discovery, ransomware

Renames multiple files with added filename extension: 3191 files in behavioral1 (win7) and 4666 files in behavioral2 (win10); the counts differ with the software installed on each image

UPX packed file

Drops file in Program Files directory (every created path listed in the behavioural runs is an existing file name with .tmp appended)

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK (Enterprise Matrix V15)

Discovery: T1614.001 System Location Discovery: System Language Discovery (the NLS\Language registry key is opened in both behavioural runs; see the Signatures sections below)

The rename-with-added-extension behaviour carries the ransomware tag, but the report assigns it no ATT&CK technique.

Analysis: static1

Detonation Overview

Reported

2024-11-13 02:53

Signatures

UPX packed file

upx
Description Indicator Process Target
(no indicator rows recorded)

Unsigned PE

Description Indicator Process Target
(no indicator rows recorded)

Neither static signature is evidence of malice on its own: UPX is used by plenty of legitimate software, and small utilities are commonly unsigned. They matter here only as context for the behavioural runs, where the same file mass-creates .tmp files next to existing ones.
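The static signature above has no indicator rows, so here is the check an analyst would run on the file to reproduce it. This is added example code, not the sandbox's own signature implementation: a minimal PE section-table parser plus the heuristics that actually identify a UPX layout (UPX* section names, the "UPX!" stub marker, a first section with no data on disk, and an entry point inside a writable and executable section). The two PE images it parses are constructed in the block for demonstration and are not dumps of the analysed sample.

```python
"""Static triage for a 'UPX packed file' signature (added example, not the report's own code).

Parses the PE section table with struct only, then votes on four indicators. Names and the
'UPX!' marker are trivially stripped by a modified UPX build, so the two layout heuristics
are kept as an independent vote."""
import struct

UPX_MARKER = b"UPX!"          # left in the file by the stock UPX stub
SCN_MEM_EXECUTE = 0x20000000
SCN_MEM_WRITE = 0x80000000


def parse_pe(data: bytes):
    """Return (entry_rva, sections); each section is a dict of the header fields used below."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint, same offset in PE32 and PE32+
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "vsize": vsize, "vaddr": vaddr, "rawsize": rawsize,
                         "rawptr": rawptr, "chars": chars})
    return entry_rva, sections


def upx_indicators(data: bytes) -> dict:
    entry_rva, secs = parse_pe(data)
    entry_sec = next((s for s in secs
                      if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rawsize"])), None)
    ind = {
        "upx_section_names": any(s["name"].upper().startswith("UPX") for s in secs),
        "upx_marker": UPX_MARKER in data,
        # UPX0 has SizeOfRawData 0: the unpacked image is written there at run time.
        "first_section_empty_on_disk": bool(secs) and secs[0]["rawsize"] == 0 and secs[0]["vsize"] > 0,
        # The stub runs from a section that must be both writable and executable.
        "entry_in_wx_section": entry_sec is not None
            and bool(entry_sec["chars"] & SCN_MEM_EXECUTE)
            and bool(entry_sec["chars"] & SCN_MEM_WRITE),
    }
    ind["likely_upx"] = ind["upx_section_names"] or ind["upx_marker"] or (
        ind["first_section_empty_on_disk"] and ind["entry_in_wx_section"])
    return ind


def build_pe(sections, entry_rva, tail=b""):
    """Constructed PE32 for testing (not the analysed sample): MZ stub, PE signature, COFF
    header, a 224-byte optional header with only Magic and AddressOfEntryPoint set, then
    the section table and an optional raw tail."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)          # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt), 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"), vs, va, rs, rp, 0, 0, 0, 0, chars)
        for name, vs, va, rs, rp, chars in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table + tail


RWX = SCN_MEM_EXECUTE | SCN_MEM_WRITE | 0x40000000 | 0x20   # code, exec, read, write
RX = SCN_MEM_EXECUTE | 0x40000000 | 0x20

# Constructed layouts. The first mirrors the classic UPX0/UPX1/.rsrc shape with the stub
# marker in the raw tail; the second is a plain compiler layout.
UPX_SAMPLE = build_pe(
    [("UPX0", 0x5000, 0x1000, 0, 0x400, RWX),
     ("UPX1", 0x4000, 0x6000, 0x2000, 0x400, RWX),
     (".rsrc", 0x1000, 0xA000, 0x200, 0x2400, 0x40000040)],
    entry_rva=0x9F00, tail=b"\0" * 16 + UPX_MARKER + b"\0" * 16)
PLAIN_SAMPLE = build_pe(
    [(".text", 0x1000, 0x1000, 0x1000, 0x400, RX),
     (".data", 0x1000, 0x2000, 0x200, 0x1400, 0xC0000040)],
    entry_rva=0x1000)

if __name__ == "__main__":
    for label, blob in (("upx-layout", UPX_SAMPLE), ("plain-layout", PLAIN_SAMPLE)):
        print(label, upx_indicators(blob))
```

Run it against a real file with `upx_indicators(open(path, "rb").read())`. The layout vote is what survives a renamed-section build; if only `upx_marker` fires on a file with ordinary section names, treat it as a string hit and confirm with `upx -t` or a manual unpack before relying on it.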

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 02:53

Reported

2024-11-13 02:55

Platform

win7-20241023-en

Max time kernel

119s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe"

Signatures

Renames multiple (3191) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
(no indicator rows recorded)

Drops file in Program Files directory

Description Indicator Process Target
Every row reads: File created | <indicator> | C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe | N/A. Only the Indicator column varies, so the created paths are listed on their own below. The 64 rows are a subset of the run's file creations (the signature above counts 3191); every path is an existing file name with .tmp appended, spread across the Internet Explorer, Java, Firefox, VLC, Chrome, DVD Maker, 7-Zip, Common Files and Reference Assemblies trees.

C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp
C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.tmp
C:\Program Files\Internet Explorer\Timeline.cpu.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings.tmp
C:\Program Files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll.sig.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\policytool.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.zh_CN_5.5.0.165303.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Barbados.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.tmp
C:\Program Files\Java\jre7\lib\zi\America\Panama.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Management.Instrumentation.Resources.dll.tmp
C:\Program Files\VideoLAN\VLC\plugins\codec\libddummy_plugin.dll.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-fallback.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-lib-profiler-common.xml.tmp
C:\Program Files\Java\jre7\bin\hprof.dll.tmp
C:\Program Files\Java\jre7\lib\zi\Asia\Seoul.tmp
C:\Program Files\7-Zip\Lang\ba.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\topnav.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-javahelp.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-options-keymap.xml.tmp
C:\Program Files\Microsoft Games\Chess\en-US\Chess.exe.mui.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Services.resources.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+4.tmp
C:\Program Files\Mozilla Firefox\installation_telemetry.json.tmp
C:\Program Files\VideoLAN\VLC\locale\he\LC_MESSAGES\vlc.mo.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Winnipeg.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_sv.properties.tmp
C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Gibraltar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf.tmp
C:\Program Files\VideoLAN\VLC\lua\playlist\bbc_co_uk.luac.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat.tmp
C:\Program Files\Common Files\System\ado\msadomd.dll.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Niue.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp
C:\Program Files\Java\jre7\lib\zi\Europe\Bucharest.tmp
C:\Program Files\Microsoft Games\Chess\ja-JP\Chess.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.tmp
C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\jvm.hprof.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\contbig.gif.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.update.configurator_3.3.300.v20140518-1928.jar.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.tmp
C:\Program Files\Java\jre7\bin\jsound.dll.tmp
C:\Program Files\Java\jre7\lib\zi\America\Antigua.tmp
C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\RedistList\FrameworkList.xml.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe | N/A

A single open of the NLS\Language key is weak evidence on its own; it is notable here only in combination with the file-creation burst above. The report records that the key was opened, not which value was read or what the sample did with the result.

Processes

C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe

"C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe"

Network

N/A (no network activity recorded in this run)

Files

The two .tmp files hashed below were written outside Program Files (under C:\$Recycle.Bin and C:\MSOCache), so the set of created files is wider than the "Drops file in Program Files directory" signature shows. The report records their hashes but not their contents, so whether they are encrypted versions of the originals is not established here.

memory/2656-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp

MD5 0f8723eab77838fe00ba4352b1e954e7
SHA1 9272c78b3896c856229914d54009b0ec1d4afe1b
SHA256 4423ee50fff89b1ead43f03aeb8ce98eb3db6fe910ff1369ef628152d5c1038b
SHA512 a493bb096bc1ff165a21035799208952df755d8cf892f78fe3aec5db5c35e8d9ca188d4f448aaa908296689a94ed2959a605b2603b700ca13fa8e4465327a091

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 61f885afe914ec9e9ab3690215651da7
SHA1 35f8f5a3b6cffbe28d9166f81a29dc368d71c985
SHA256 a20bef3427d463f16521744540ffea9bdc745dbb30e6516229072c20307d4434
SHA512 a657127562a368b2d3cfb17886fd5db9332a01ca11d82047765094638e4ea2e5da7079a5e3ef5b5c472680150006955b5b196d8cedd234f19e9e16f1fcd99a9c

memory/2656-75-0x0000000000400000-0x000000000040A000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 02:53

Reported

2024-11-13 02:55

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe"

Signatures

Renames multiple (4666) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
(no indicator rows recorded)

Drops file in Program Files directory

Description Indicator Process Target
Every row reads: File created | <indicator> | C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe | N/A. Only the Indicator column varies, so the created paths are listed on their own below. The 64 rows are a subset of the run's file creations (the signature above counts 4666); every path is an existing file name with .tmp appended, spread across the .NET shared runtime, Microsoft Office, Java, Chrome and Common Files trees.

C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\PresentationUI.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Trial2-ppd.xrm-ms.tmp
C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.tmp
C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp
C:\Program Files\Java\jre-1.8\bin\jpeg.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_KMS_Client-ul.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Forms.Design.Editors.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\es\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Proof.Culture.msi.16.en-us.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProCO365R_SubTest-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp
C:\Program Files\Microsoft Office\root\Office16\1036\MSO.ACL.tmp
C:\Program Files\Common Files\System\ado\msadrh15.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\cs\ReachFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Integration\C2RManifest.shared.Office.x-none.msi.16.x-none.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\pkeyconfig-office.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogo.contrast-black_scale-140.png.tmp
C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pl\PresentationFramework.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProVL_KMS_Client-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.tmp
C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.tmp
C:\Program Files\Java\jdk-1.8\jre\legal\jdk\asm.md.tmp
C:\Program Files\Java\jre-1.8\bin\orbd.exe.tmp
C:\Program Files\Java\jre-1.8\bin\ucrtbase.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019R_Grace-ppd.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_OEM_Perp-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ja\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\VisioProMSDNR_Retail-ppd.xrm-ms.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.tmp
C:\Program Files\Java\jre-1.8\bin\javaws.exe.tmp
C:\Program Files\Java\jre-1.8\bin\klist.exe.tmp
C:\Program Files\Java\jre-1.8\LICENSE.tmp
C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI.tmp
C:\Program Files\Microsoft Office\root\Office16\excelcnvpxy.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hans\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.MashupEngine.dll.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-util-l1-1-0.dll.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcDemoR_BypassTrial365-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Calibri-Cambria.xml.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019R_OEM_Perp-ul-phn.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTrial-ul-oob.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019XC2RVL_MAKC2R-pl.xrm-ms.tmp
C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Trial-pl.xrm-ms.tmp
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\af.pak.tmp
C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar.tmp
C:\Program Files\Microsoft Office\root\Office16\AUDIOSEARCHLTS.DLL.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ko\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunmscapi.jar.tmp
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudent2019DemoR_BypassTrial180-ul-oob.xrm-ms.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-synch-l1-2-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-locale-l1-1-0.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\Microsoft.Win32.Registry.AccessControl.dll.tmp
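The "Drops file in Program Files directory" rows of both behavioural runs show the same pattern: one process creating <existing name>.tmp across many unrelated directory trees, which is what the "Renames multiple files with added filename extension" signature is counting. Below is the detection an analyst would write for that pattern over endpoint file-create telemetry (Sysmon event 11 or equivalent). It is added example code, not the sandbox's own signature: the created paths in the sample stream are copied from this report's rows and Files sections (the two runs mixed together), while the timestamps, the `msiexec.exe` baseline rows and the pre-detonation file inventory are constructed for the demonstration.

```python
"""Detect one process mass-creating <existing name>.<added ext> files (added example,
not the sandbox's own signature).

Input events are (timestamp_s, process_image, created_path). A create counts when the
name is an existing file name with one more extension appended; the original is recognised
either from an inventory of pre-existing files (or the source of a rename event) or because
what is left still carries a short alphanumeric extension (jfr.dll.tmp -> jfr.dll)."""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe")


def added_extension(path: str, known_lower=frozenset()):
    """Return (original_path, added_suffix) or None. `known_lower` is a lower-cased set."""
    p = PureWindowsPath(path)
    if not p.suffix:
        return None
    original = str(p.with_suffix(""))
    inner = PureWindowsPath(original).suffix
    looks_like_ext = 2 <= len(inner) <= 6 and inner[1:].isalnum()
    if original.lower() in known_lower or looks_like_ext:
        return original, p.suffix
    return None


def tree_of(path: str) -> str:
    """Top-level directory under the drive: 'program files', '$recycle.bin', 'msocache'."""
    parts = PureWindowsPath(path).parts
    return (parts[1] if len(parts) > 1 else parts[0]).lower()


def detect_mass_extension_append(events, window_s=60.0, min_files=50, min_trees=2,
                                 known_files=()):
    """One alert per process whose added-extension creates reach `min_files` inside any
    `window_s` span and touch at least `min_trees` top-level trees (breadth separates
    ransomware from an installer rewriting its own directory)."""
    known = {k.lower() for k in known_files}
    hits = defaultdict(list)
    for t, proc, path in events:
        r = added_extension(path, known)
        if r:
            hits[proc].append((t, path, r[1].lower()))
    alerts = []
    for proc, rows in hits.items():
        rows.sort()
        lo = 0
        for hi in range(len(rows)):
            while rows[hi][0] - rows[lo][0] > window_s:   # slide the window start forward
                lo += 1
            win = rows[lo:hi + 1]
            trees = {tree_of(p) for _, p, _ in win}
            if len(win) >= min_files and len(trees) >= min_trees:
                alerts.append({"process": proc, "files": len(win),
                               "span_s": round(win[-1][0] - win[0][0], 3),
                               "added_ext": Counter(e for _, _, e in win).most_common(1)[0][0],
                               "trees": sorted(trees)})
                break
    return alerts


# Constructed event stream. Paths come from the report; timestamps, the msiexec rows and
# the inventory (which lets extension-less originals such as Jujuy and LICENSE count) do not.
REPORT_PATHS = [
    r"C:\Program Files\Internet Explorer\D3DCompiler_47.dll.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy.tmp",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11.tmp",
    r"C:\Program Files\Java\jre-1.8\bin\jfr.dll.tmp",
    r"C:\Program Files\Microsoft Office\root\Office16\1033\XLMACRO.CHM.tmp",
    r"C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Georgia.xml.tmp",
    r"C:\Program Files\7-Zip\Lang\ba.txt.tmp",
    r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\af.pak.tmp",
    r"C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Xml.ReaderWriter.dll.tmp",
    r"C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp",
    r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
    r"C:\Program Files\Java\jre-1.8\LICENSE.tmp",
]
KNOWN_FILES = {
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Jujuy",
    r"C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+11",
    r"C:\Program Files\Java\jre-1.8\LICENSE",
}
INSTALLER = r"C:\Windows\System32\msiexec.exe"
EVENTS = [(0.2 * i, SAMPLE_EXE, p) for i, p in enumerate(REPORT_PATHS)] + [
    (1.0, INSTALLER, r"C:\Program Files\App\setup.log"),
    (1.5, INSTALLER, r"C:\Program Files\App\config.xml.tmp"),
    (2.0, INSTALLER, r"C:\Program Files\App\app.dll"),
]

if __name__ == "__main__":
    # Thresholds lowered for the 12-path demo; the sandbox counted thousands per run.
    for alert in detect_mass_extension_append(EVENTS, min_files=10, known_files=KNOWN_FILES):
        print(alert)
```

The inner-extension heuristic misses names like `HomeBusinessR_Trial2-ppd.xrm-ms.tmp` (the hyphen in `.xrm-ms` fails the alphanumeric test) and accepts version-style names like `report.2024.log`; the inventory or rename-source lookup is the robust path, and the breadth requirement plus a production threshold in the hundreds keeps installers and build tools below the line.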

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe | N/A

Processes

C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe

"C:\Users\Admin\AppData\Local\Temp\7ec865d2d89d832931caff4e81455a237417bc58b59c2e3f91c763e937b1acd0.exe"

Network

All twelve queries are reverse (PTR) lookups of in-addr.arpa names sent to 8.8.8.8:53; no forward lookup of any hostname appears, and behavioral1 recorded no network activity at all. The report does not attribute these queries to the sample's process, and reverse lookups of this kind commonly appear in sandbox runs without any involvement of the sample, so they are weak evidence of sample-driven networking.

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
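The table encodes each looked-up address with its octets reversed, so the IPs behind the queries are not visible at a glance. The following added example (not part of the report) parses the rows, rebuilds the addresses, confirms that no forward hostname query is present, and flags any private or reserved address, which would point at scanning rather than telemetry. The rows embedded in the block are copied from the table above; nothing else is assumed.

```python
"""Decode a sandbox Network table of PTR lookups (added example, not the report's code).

'97.17.167.52.in-addr.arpa' is the reverse name for 52.167.17.97; this rebuilds every such
address, separates forward queries, and tallies resolvers."""
import ipaddress
from collections import Counter

# Rows copied from the report's behavioral2 Network table (Country Destination Domain Proto).
NETWORK_ROWS = """\
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 241.42.69.40.in-addr.arpa udp
US 8.8.8.8:53 98.117.19.2.in-addr.arpa udp
US 8.8.8.8:53 0.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 83.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 43.229.111.52.in-addr.arpa udp
"""


def ptr_name_to_ip(qname: str):
    """Return the IPv4Address a complete in-addr.arpa name refers to, or None for anything
    else (forward lookups, ip6.arpa, partial reverse zones, malformed octets)."""
    labels = qname.lower().rstrip(".").split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ipaddress.AddressValueError:
        return None


def parse_network_table(text: str):
    """Parse 'Country Destination Domain Proto' rows; the header and malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 4 or ":" not in fields[1]:
            continue
        country, dest, qname, proto = fields
        host, _, port = dest.rpartition(":")
        rows.append({"country": country, "resolver": host, "port": int(port),
                     "proto": proto, "qname": qname, "ip": ptr_name_to_ip(qname)})
    return rows


def summarise(rows):
    """Split PTR from forward queries and list any resolved address that is not globally
    routable, which would indicate internal reconnaissance rather than background telemetry."""
    ptr = [r for r in rows if r["ip"] is not None]
    return {
        "queries": len(rows),
        "ptr_queries": len(ptr),
        "forward_queries": [r["qname"] for r in rows if r["ip"] is None],
        "resolvers": Counter(f'{r["resolver"]}:{r["port"]}/{r["proto"]}' for r in rows),
        "looked_up": [str(r["ip"]) for r in ptr],
        "non_global": [str(r["ip"]) for r in ptr if not r["ip"].is_global],
    }


if __name__ == "__main__":
    for key, value in summarise(parse_network_table(NETWORK_ROWS)).items():
        print(f"{key}: {value}")
```

With the report's rows the summary shows twelve PTR queries, no forward queries and no non-global address; the `looked_up` list is what to pivot on in passive DNS or flow data if the question of who generated the traffic needs answering.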

Files

memory/1016-0-0x0000000000400000-0x000000000040A000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 f5a8316f372ded3fe43aa84321bb57a1
SHA1 2180361afa557bd7fc8285b1be758c229e0773e9
SHA256 ef3559afe3b0f6659d703bc066349287290dbe4e519518b6a7ae7bafa5ee7b16
SHA512 dea17354f88e23ac1ea47952c6f18fc82a2e10f973425d17587ee97cf4c18045d59e11072c96b23214c9c472bd06d4c328bee6269a69413dea5532d7c54adcf7

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b290528d03741cf11e6ba3a18c8ba5ac
SHA1 16f7e61a629216471024d34aa574b063fb8e212c
SHA256 95516725ba1c49a690dcd95a7aa604eddb19fc130e83fa6272b5250ea9962d8b
SHA512 0c6da530b171385019ef4a76cd6652d28dd059afa67b40fdab7a30c076607ac308a8ce0de12483ceb5577b88ba2a8d640df3bd4a42c7e1eb7f4bbecd45d05b1c

memory/1016-781-0x0000000000400000-0x000000000040A000-memory.dmp