Malware Analysis Report

2024-12-07 09:59

Sample ID 241114-hjlcxawaqq
Target eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe
SHA256 eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7
Tags
discovery ransomware upx
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7

Threat Level: Likely malicious

The file eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe was found to be: Likely malicious.

Malicious Activity Summary

discovery ransomware upx

Renames multiple files with added filename extension (3143 files in the win7 run, 4590 in the win10 run; the count tracks what is installed on the sandbox image, so it is a property of the environment, not of the sample)

UPX packed file

Drops file in Program Files directory (every file creation recorded in this report is an existing file's path with ".tmp" appended, consistent with an encrypt-to-temporary-file-then-rename pattern; the final extension the sample renames to is not captured here)

Unsigned PE

System Location Discovery: System Language Discovery (ATT&CK T1614.001; the sample opens HKLM\SYSTEM\ControlSet001\Control\NLS\Language in both runs, but the report records only the key open, not which value was read or whether execution branches on it)

MITRE ATT&CK

Enterprise Matrix V15. The signatures in this report correspond to: T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file); T1614.001 System Location Discovery: System Language Discovery (open of the NLS\Language registry key); T1486 Data Encrypted for Impact (mass renaming with an appended extension in both behavioral runs).

Analysis: static1

Detonation Overview

Reported

2024-11-14 06:46

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A
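The two static signatures above (UPX section names present, no Authenticode certificate table) can be reproduced with a minimal PE header parse. The following is an added example, not part of the Triage report and not the sandbox's own detection logic. Because the sample is not reproduced on this page, the script builds a constructed PE32 image in memory; `build_minimal_pe`, `parse_pe_headers` and `triage` are names chosen here, and the UPX section-name list is the stock one (a repacker can rename sections, so a hit is a hint, not proof).

```python
import struct
import sys

# Data directory index of the attribute certificate table (Authenticode).
IMAGE_DIRECTORY_ENTRY_SECURITY = 4
# Section names left by stock UPX builds; trivially renamed by a repacker.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def build_minimal_pe(section_names, signed=False):
    """Constructed test image: DOS stub, PE32 headers and a section table, no code.
    It exists only so this example runs offline; it is not the sample from the report."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)   # 0x40 bytes
    opt = bytearray(96 + 16 * 8)            # PE32 optional header + 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    if signed:
        # A non-zero security directory means a certificate table is attached.
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x800)
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, len(opt), 0x0102)
    sections = b"".join(n.ljust(8, b"\x00") + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + sections


def parse_pe_headers(data):
    """Read section names and the security data directory from a PE32/PE32+ blob."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff_off = e_lfanew + 4
    _machine, n_sections, _, _, _, size_opt, _ = struct.unpack_from("<HHIIIHH", data, coff_off)
    opt_off = coff_off + 20
    magic = struct.unpack_from("<H", data, opt_off)[0]
    if magic == 0x10B:        # PE32: NumberOfRvaAndSizes at +92, directories at +96
        n_dirs_off, dir_off = opt_off + 92, opt_off + 96
    elif magic == 0x20B:      # PE32+: wider ImageBase/stack/heap fields shift them by 16
        n_dirs_off, dir_off = opt_off + 108, opt_off + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    n_dirs = struct.unpack_from("<I", data, n_dirs_off)[0]
    security = (0, 0)
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        security = struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sec_table = opt_off + size_opt
    names = [data[sec_table + 40 * i: sec_table + 40 * i + 8].rstrip(b"\x00")
             for i in range(n_sections)]
    return {"section_names": names, "security_dir": security}


def triage(data):
    """Static verdicts matching the report's 'UPX packed file' and 'Unsigned PE' signatures."""
    h = parse_pe_headers(data)
    va, size = h["security_dir"]
    return {
        "upx": any(n in UPX_SECTION_NAMES for n in h["section_names"]),
        # Presence of a certificate table only; validity still needs a chain check
        # (signtool verify or Get-AuthenticodeSignature on Windows).
        "signed": va != 0 and size != 0,
        "sections": h["section_names"],
    }


if __name__ == "__main__":
    # Pass a real PE path to check it; with no argument the constructed image is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else \
        build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(triage(blob))
```

For a stock UPX build `upx -d` restores the original image; when that fails (modified packer), the `memory/…-memory.dmp` regions listed under Files in the behavioral runs are the in-memory image the sandbox captured and are the better starting point for static analysis.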

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 06:46

Reported

2024-11-14 06:48

Platform

win7-20240903-en

Max time kernel

120s

Max time network

16s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe"

Signatures

Renames multiple (3143) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core.xml.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-io_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\America\Yakutat.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Barbados.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-execution_ja.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\DVD Maker\PipeTran.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Web.Entity.Resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ru.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\7-Zip\Lang\gu.txt.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\7-Zip\Lang\mng2.txt.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ulaanbaatar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-sa.xml.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Africa\Ceuta.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Games\FreeCell\ja-JP\FreeCell.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.VisualC.STLCLR.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\playlist\liveleak.luac.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\jfr\profile.jfc.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-heapwalker.xml.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\jce.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightDemiBold.ttf.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.commons.logging_1.1.1.v201101211721.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multitabs.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.zh_CN_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.metadata.nl_zh_4.4.0.v20140623020002.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-progress-ui.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-heapdump_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\VideoLAN\VLC\lua\http\mobile_equalizer.html.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre7\lib\zi\Asia\Baku.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Internet Explorer\SIGNUP\install.ins.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.ja_5.5.0.165303.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-services.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe

"C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe"

Network

N/A

Files

memory/2084-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

MD5 ae12fc76c4d5d4dc4b30ee65673f6190
SHA1 14be687d6848ece03257854f160364a243e9a229
SHA256 4f8e450012c41fcfd0602dbad15b14b6a428eb7a26a2c80322db2e13cfbb6bf9
SHA512 9770081a2619a71188c98813981f60a8e3269d5cf404cf4bc6c21ddfbf2800364d799d279f4d620d25c30d6263ca8f89e69415407151e62e157cd70b0b69efbb

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 f386eb230fc69122fe1f4d7b0cc9d776
SHA1 53af4fb4a9c0f8112600ad6968355a40b215e6f2
SHA256 e82f08bc9ae956b1811a73995d501513a613bebfc7991c95be639bcf88d5240f
SHA512 80a4cdfbfae5e9a78cd725591a2cb645625da92d144d8d18145cdd6a5e77f2b4bcb7c3d377b9e67babaa8740cb1a9e43bd272c1443945a452fed8f5cde3564c6

memory/2084-74-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 06:46

Reported

2024-11-14 06:48

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

94s

Command Line

"C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe"

Signatures

Renames multiple (4590) files with added filename extension

ransomware

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\createdump.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ja\System.Windows.Forms.Primitives.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\zh-Hans\System.Windows.Input.Manipulations.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\Locales\nb.pak.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART1.BDR.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\System.Windows.Controls.Ribbon.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019VL_MAK_AE-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-file-l1-2-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\C2RManifest.Word.Word.x-none.msi.16.x-none.xml.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\7-Zip\7zFM.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_MAK-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_KMS_Client-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTest-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.IO.Compression.ZipFile.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\ru\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklist.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Integration\Integrator.exe.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessEntry2019R_PrepidBypass-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Retail-ppd.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\es\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Threading.AccessControl.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\System.Drawing.Common.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Retrospect.thmx.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\MondoR_Subscription2-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\UIAutomationClient.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription1-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\QuickStyles\centered.dotx.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\StandardVL_KMS_Client-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\7-Zip\Lang\et.txt.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\clrgc.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\WINWORD.HXS.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_profile.png.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\WindowsFormsIntegration.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Java\jdk-1.8\legal\jdk\relaxngcc.md.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Private.CoreLib.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Office16\1033\offsymxb.ttf.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-crt-string-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp-ul-oob.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp3-ul-phn.xrm-ms.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\7-Zip\Lang\ca.txt.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\api-ms-win-core-handle-l1-1-0.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Serialization.Primitives.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\fr\PresentationFramework.resources.dll.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
File created C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome.exe.sig.tmp C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A
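Both behavioral runs (the win7 table further up and the win10 table just above) show the same file-system pattern: the sample creates `<existing file>.tmp` under many Program Files subtrees, and also next to desktop.ini in $Recycle.Bin. The following detection rebuilds the sandbox's "renames multiple files with added filename extension" idea from file-create events. It is an added example, not Triage's own signature code: the event rows are copied from the tables in this report plus two constructed benign rows for contrast, the function name and thresholds are assumptions, and the same logic applies unchanged to Sysmon Event ID 11 (FileCreate) telemetry.

```python
from collections import defaultdict

SAMPLE = (r"C:\Users\Admin\AppData\Local\Temp"
          r"\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe")

# (action, path, process). Rows 1-6 are taken from this report; the last two are
# constructed benign events (an installer and Explorer writing scratch files).
EVENTS = [
    ("File created", r"C:\Program Files\7-Zip\Lang\gu.txt.tmp", SAMPLE),
    ("File created", r"C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.tmp", SAMPLE),
    ("File created", r"C:\Program Files\DVD Maker\PipeTran.dll.tmp", SAMPLE),
    ("File created", r"C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll.tmp", SAMPLE),
    ("File created", r"C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp", SAMPLE),
    ("File created", r"C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome.exe.sig.tmp", SAMPLE),
    ("File created", r"C:\Users\Admin\AppData\Local\Temp\is-ABC12.tmp\setup.tmp",
     r"C:\Users\Admin\Downloads\installer.exe"),                      # constructed, benign
    ("File created", r"C:\Users\Admin\AppData\Local\Temp\wct1234.tmp",
     r"C:\Windows\explorer.exe"),                                     # constructed, benign
]


def appended_extension_writes(events, suffix=".tmp", min_files=4, min_dirs=2):
    """Group file-create events by process and flag processes that write many
    '<original name><suffix>' files across several directories.

    A path only counts when the name in front of the suffix still carries its own
    extension (gu.txt, pack200.exe): that is a new file shadowing an existing one,
    as opposed to a fresh scratch file such as wct1234.tmp. Thresholds are
    assumptions; tune them to the environment's normal installer noise."""
    per_proc = defaultdict(list)
    for action, path, proc in events:
        if action != "File created" or not path.lower().endswith(suffix):
            continue
        original = path[: -len(suffix)]
        name = original.rsplit("\\", 1)[-1]
        if "." not in name:
            continue
        per_proc[proc].append(original)

    findings = {}
    for proc, originals in per_proc.items():
        dirs = {o.rsplit("\\", 1)[0] for o in originals}
        if len(originals) >= min_files and len(dirs) >= min_dirs:
            findings[proc] = {"count": len(originals),
                              "directories": len(dirs),
                              "originals": originals}
    return findings


if __name__ == "__main__":
    for proc, f in appended_extension_writes(EVENTS).items():
        print("%s: %d shadow writes across %d directories" % (proc, f["count"], f["directories"]))
```

The "originals" list is the set of files to triage for damage after an incident: if a `<name>.tmp` exists beside an intact `<name>`, the encrypt-then-rename step was interrupted and the original may still be recoverable.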

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe

"C:\Users\Admin\AppData\Local\Temp\eb856fc9cabd47f073c3e5726109aa553cb3916462fa0ec42b20c2c4bd1362c7N.exe"

Network

Country Destination Domain Proto
(All seven rows are reverse-lookup (PTR) queries sent to 8.8.8.8; a name such as 13.86.106.20.in-addr.arpa resolves the address 20.106.86.13. The table records host-wide traffic with no process attribution, contains no forward lookups and no connections, and the win7 run produced no traffic at all, so these rows should not be treated as sample IOCs without process-level corroboration.)
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
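Turning the table above into something an analyst can pivot on means decoding each in-addr.arpa name back to the address it asks about and separating PTR lookups from forward lookups. The script below does that over the rows copied from the win10 run; it is an added example, not part of the Triage report, and `decode_ptr_name` and `summarize_dns_rows` are names chosen here.

```python
import ipaddress

# Rows copied verbatim from the behavioral2 Network table: Country Destination Domain Proto.
NETWORK_ROWS = """
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 64.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 197.87.175.4.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 13.227.111.52.in-addr.arpa udp
""".strip().splitlines()

PTR_SUFFIX = ".in-addr.arpa"


def decode_ptr_name(name):
    """'13.86.106.20.in-addr.arpa' -> '20.106.86.13'; None if the name is not an IPv4 PTR."""
    if not name.lower().endswith(PTR_SUFFIX):
        return None
    octets = name[: -len(PTR_SUFFIX)].split(".")
    if len(octets) != 4:
        return None
    try:
        # The PTR label order is the address reversed; IPv4Address validates each octet.
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    except ipaddress.AddressValueError:
        return None


def summarize_dns_rows(rows):
    """Split sandbox DNS rows into resolvers used, forward queries and PTR targets."""
    summary = {"resolvers": set(), "forward_queries": [], "ptr_targets": []}
    for row in rows:
        _country, dest, domain, _proto = row.split()
        summary["resolvers"].add(dest)
        ip = decode_ptr_name(domain)
        if ip is None:
            summary["forward_queries"].append(domain)
        else:
            summary["ptr_targets"].append(ip)
    return summary


if __name__ == "__main__":
    s = summarize_dns_rows(NETWORK_ROWS)
    print("resolvers:", sorted(s["resolvers"]))
    print("forward queries (domain IOC candidates):", s["forward_queries"])
    print("PTR targets (addresses the host looked up names for):", s["ptr_targets"])
```

An empty forward-query list means the report offers no domain indicator at all; the PTR targets are addresses the OS already had a reason to talk to, and attributing them to the sample would need a per-process capture (for example Sysmon Event ID 22, DNSEvent) rather than this host-wide table.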

Files

memory/4116-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

MD5 4c619e2cb84f569b299aeda90d7c2ce6
SHA1 e86e33e0b34f05aa9aa9f968d02827487f5acdb5
SHA256 7de16975297aec5ad7f15aed211513a1ef452d092ade6db3807eff4879eeeea9
SHA512 add2fb0b20b1a9105fe663f47e277030527729a5c8e221892d906007cf67db65903feb4b41deffda794a8006bd2b2df5dc91c0e09a665bd590c51692aeb64299

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 cbdb29287739143ed934542fb60d954d
SHA1 8dc499a6ab851054b56a9125a455188f1160fa20
SHA256 61d24048564eb6f193c4f9adb3f534c306ab69a9b2e2aa2ce2ebd1e917c11f3c
SHA512 3e8a70074467a6b934ad3d8eff85eef30578f4c63d3a99efa5ef9be0c5dc7f223de879163b5e7794b80dd3adf89b7340f9fe0d8aadc75777a284359eff879f4d

memory/4116-778-0x0000000000400000-0x000000000040B000-memory.dmp