Malware Analysis Report

2024-12-07 09:58

Sample ID 241114-d2hmhsxngp
Target 2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe
SHA256 2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065
Tags
upx discovery ransomware
score
9/10


Analysis Overview

score
9/10

SHA256

2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065

Threat Level: Likely malicious

The file 2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2853) files with added filename extension

Renames multiple (1837) files with added filename extension

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-14 03:30

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 03:30

Reported

2024-11-14 03:32

Platform

win7-20240903-en

Max time kernel

120s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe"

Signatures

Renames multiple (1837) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe

"C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe"

Network

N/A

Files

memory/1404-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

MD5 69d1e88cb7a889eba24f9c5744454f55
SHA1 152206e2e14acc64a89ac45ee79b1a36c8349d44
SHA256 8b7f22494e4bf43db4f96baaabbac032c4dff59853064ac6a7e8634b2cbd92f9
SHA512 c7f224dba6f7471557682fb69957617395737c29eecd474872d579ed88b153d968a91155e45817f29c4539b7ab06f46b10473913031506bd4bdc591142d74d81

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 3a97c241b564cd1e51c70e0d007be565
SHA1 55a931a811bbff7ca9174871f832a65e0941590a
SHA256 3a9a57ecf552f230108398efa71e5a7af7d0437655a6c33a30bbb1ecc5038d17
SHA512 57b22aef6bc1943dbe2734707edaf579dfb1e4ae701fa7a14ed96e80c233a92bf0f00184b55e622c864d30c799d19bcf2db52c70fa32c5bf33cb8918aa016488

memory/1404-50-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 03:30

Reported

2024-11-14 03:32

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

95s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe"

Signatures

Renames multiple (2853) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe

"C:\Users\Admin\AppData\Local\Temp\2779f8060c65e04d8e6648a50057f5cc3c24a3af6465ed4c3dba9292ebd94065N.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 172.214.232.199.in-addr.arpa udp
US 8.8.8.8:53 4.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 101.210.23.2.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

Files

memory/4712-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp

MD5 2abebe392d1d109590cefd6e595c6b63
SHA1 36424a6357cf1f7a49be738b2c432bbe3c63ab11
SHA256 72f82ba4705eceea9c471aa79c897c51b10e0e1ad4d825f00e9c2642248ccf07
SHA512 1acc6f2d752fb119f6585885647ec1fa669e597ae050941ddb282cfa965179c2fd98669b454d1a3a88011adf4549a60b7f67418703c6e4d8baa368641c2c1eaa

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 8f9590c170df394b09c99ebd4b08fbc2
SHA1 0322012af3f05767f435200a22d4fef9bc285335
SHA256 2bcee8ae1545bcbd25e4c5568eab06ed2629ae37c0100a6fece4e6b981f4c3a8
SHA512 5cbf78d700e64e37cf2c4269447b61f61b9df99f25dd52d07bbcd589d72cd1923df00ef9ac31212e4d088b6fb84069540ef9f8807fbfe7ed5098f69c2a3d488e

memory/4712-640-0x0000000000400000-0x000000000040B000-memory.dmp