Malware Analysis Report

2024-12-07 10:20

Sample ID 241113-dr2mmswbpr
Target d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568
SHA256 d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568

Threat Level: Likely malicious

The file d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568 was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (3766) files with added filename extension

Renames multiple (5193) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-13 03:15

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-13 03:15

Reported

2024-11-13 03:17

Platform

win7-20240903-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe"

Signatures

Renames multiple (3766) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe

"C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe"

Network

N/A

Files

memory/1800-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

MD5 327963df370138ba4043892c4b443fe7
SHA1 81196f8ff999b379dd334ba8670960fba4f6a230
SHA256 00121253b353f1509b72cb79ed08de5743e5c0666d260a5ac73b6d7f6ccdaf03
SHA512 79c65774fed1e8ca16144a1252ed4c3936fa19885a620dd49b6bdc69e19a2715c4983c85f1bd6220d8d4bd7f71bd94afd63ccea446ad4490364972b060a679ce

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 eee77cd7bc20081f9a8bf0883fd6a3fd
SHA1 eab2dac93950dabe7671f70322c21be8911f6a02
SHA256 764bcc686c98b7a2cc98e484735df27e626448d09bb02decdf1a53965fa5010c
SHA512 1673efcdc2f7c74ccff90ce6ba1a3f66ccb1310c80442a7945430e6ae77483ff2437594a5013e9f432c09911a4573e5d6a710a8cb7104627c80ec118601ab523

memory/1800-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-13 03:15

Reported

2024-11-13 03:17

Platform

win10v2004-20241007-en

Max time kernel

150s

Max time network

149s

Command Line

"C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe"

Signatures

Renames multiple (5193) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe

"C:\Users\Admin\AppData\Local\Temp\d5d8d4c7b10fe6799c324dba3607d889330b41737203a6689750b9ae807c9568.exe"

Network

Country Destination Domain Proto

Files

memory/4496-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

MD5 d1890adb4fdd99f22a2dd5dd68653b7f
SHA1 7ef10be1376ed86716c347732cd59a9ce4b605c2
SHA256 49748e839bb4043bffb44724d1bde6e6ba17e12a6b6476720a1c7059b16de629
SHA512 5044a5096932247fb0a99395bdbb4dccd4ee5191cfc222e60590ce6166e9ad16bbb231e726569388e26758335657482598db6d6e4205c8f7321b3198b0b9886a

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 1161197310a8d0edab8cd7abc686d755
SHA1 a2e631fd46aeca115e1e4e78693bf3b2ee2bd58e
SHA256 38ed0fdbce975ea256838083610e478cd8de87a095f508eeb8c5338fc27e868b
SHA512 b99a1401137004fd756572e33fc614e4d9c29b612ccae483df8a3c064d95e9dda7faab5001b69afc957e51f4e46c67fb5efcbfd0320f160770492c9aae184629

memory/4496-786-0x0000000000400000-0x000000000040B000-memory.dmp