Malware Analysis Report

2024-12-07 09:59

Sample ID 241114-lpghpaxdjm
Target 395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe
SHA256 395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadc
Tags
upx discovery ransomware
score
9/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
9/10

SHA256

395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadc

Threat Level: Likely malicious

The file 395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe was found to be: Likely malicious.

Malicious Activity Summary

upx discovery ransomware

Renames multiple (2647) files with added filename extension (behavioral2, Windows 10 run)

Renames multiple (2281) files with added filename extension (behavioral1, Windows 7 run)

UPX packed file

Drops file in Program Files directory

Unsigned PE

System Location Discovery: System Language Discovery

MITRE ATT&CK

Enterprise Matrix V15. The matrix body did not survive extraction; the techniques below are mapped from the signatures that fired (editorial mapping, not the sandbox's own table):

Discovery: T1614.001 System Location Discovery: System Language Discovery (the NLS\Language registry open recorded in both behavioral runs)
Defense Evasion: T1027.002 Obfuscated Files or Information: Software Packing (UPX packed file)
Impact: T1486 Data Encrypted for Impact (the mass-rename behaviour the sandbox tags as ransomware; the report does not verify that the dropped .tmp files hold encrypted content)

Analysis: static1

Detonation Overview

Reported

2024-11-14 09:42

Signatures

UPX packed file
Tag: upx (no per-indicator rows recorded)

Unsigned PE
(no per-indicator rows recorded)
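A static pre-check for the two static1 signatures, as an added example that is not the sandbox's own detection logic: a minimal PE header parser that reports UPX-style section names, a first section with zero raw size (the stock UPX layout, where UPX0 is filled in at run time) and an empty Authenticode security directory. The two in-memory images it parses are constructed fixtures built by `build_pe`, not the sample on this page; to check the real file, read it into `data` and call `triage`. Section names are trivially renamed by packers, so the hollow first section is the stronger of the two UPX signals, and a non-empty security directory only means a signature blob is present, not that it validates.

```python
import struct

# Constants from the PE/COFF format (well-known layout, not taken from the report).
IMAGE_DIRECTORY_ENTRY_SECURITY = 4          # data-directory slot for the Authenticode blob
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1"}


def parse_pe(data: bytes) -> dict:
    """Minimal PE parser: section table plus the security data-directory entry."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                      # PE32
        ndirs_off, dirs_off = opt + 92, opt + 96
    elif magic == 0x20B:                    # PE32+
        ndirs_off, dirs_off = opt + 108, opt + 112
    else:
        raise ValueError("unknown optional-header magic 0x%x" % magic)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    sec_rva = sec_size = 0
    if ndirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        sec_rva, sec_size = struct.unpack_from(
            "<II", data, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    table = opt + opt_size
    for i in range(nsections):
        # Section header: Name(8) VirtualSize(4) VirtualAddress(4) SizeOfRawData(4) ...
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "vsize": vsize, "rawsize": rawsize})
    return {"machine": machine, "sections": sections,
            "security_rva": sec_rva, "security_size": sec_size}


def triage(data: bytes) -> dict:
    """Apply the 'UPX packed file' and 'Unsigned PE' checks to a PE image."""
    pe = parse_pe(data)
    names = [s["name"] for s in pe["sections"]]
    first = pe["sections"][0] if pe["sections"] else None
    return {
        "section_names": names,
        # Stock UPX names its sections UPX0/UPX1; packers can rename them freely.
        "upx_sections": bool(set(names) & UPX_SECTION_NAMES),
        # Stock UPX leaves the first section with no file bytes (decompressed into it at run time).
        "hollow_first_section": first is not None and first["rawsize"] == 0 and first["vsize"] > 0,
        # No security directory means no embedded Authenticode signature; a present one is not
        # necessarily valid and must still be verified against a trusted chain.
        "unsigned": pe["security_size"] == 0,
    }


def build_pe(section_names, first_raw_size: int, signed: bool) -> bytes:
    """Construct a minimal PE32 image in memory (test fixture, not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                         # e_lfanew
    opt_size = 224                                                  # PE32 optional header, 16 dirs
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                           # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    if signed:                                                      # fake Authenticode directory
        struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x1000, 0x200)
    table = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x200
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"),
                             0x1000, 0x1000 * (i + 1), raw, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"], first_raw_size=0, signed=False)
    print("packed fixture:", triage(packed))
    # Real file: triage(open("395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe", "rb").read())
```

Both signals are cheap enough to run on every sample before detonation; a hit on `hollow_first_section` without `upx_sections` is the usual sign of a renamed or modified UPX stub, which is worth a manual unpack rather than `upx -d`.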

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-14 09:42

Reported

2024-11-14 09:45

Platform

win7-20240903-en

Max time kernel

120s

Max time network

17s

Command Line

"C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe"

Signatures

Renames multiple (2281) files with added filename extension
Tag: ransomware (no per-indicator rows recorded; the paths touched appear under Drops and Files below)

UPX packed file
Tag: upx (no per-indicator rows recorded)

Drops file in Program Files directory

Description: File created (all 64 rows). Process: C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe (all rows). Target: N/A. Each indicator is a new .tmp file written beside an existing file under C:\Program Files.

Indicator
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Belgrade.tmp
C:\Program Files\Java\jre7\lib\zi\America\Inuvik.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-favorites.xml.tmp
C:\Program Files\7-Zip\Lang\ru.txt.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_CN.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\about.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\META-INF\ECLIPSE_.RSA.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\org-openide-modules.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-print.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-profiler.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\about.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui_2.3.0.v20140404-1657.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-text.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.tmp
C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.tmp
C:\Program Files\7-Zip\Lang\mr.txt.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-uihandler_zh_CN.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.security_1.2.0.v20130424-1801.jar.tmp
C:\Program Files\Java\jre7\bin\klist.exe.tmp
C:\Program Files\Java\jre7\lib\zi\America\Dawson_Creek.tmp
C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec.exe.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp
C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\MANIFEST.MF.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.controlpanel.ui.ja_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-tabcontrol.xml.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Matamoros.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp
C:\Program Files\Java\jre7\lib\alt-rt.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Majuro.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-text.xml.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-api-caching_ja.jar.tmp
C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qatar.tmp
C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\license.html.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.attach_5.5.0.165303.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.commands.nl_ja_4.4.0.v20140623020002.jar.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text_3.9.1.v20140827-1810.jar.tmp
C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.tmp
C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak.tmp
C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.tmp
C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-ui_zh_CN.jar.tmp
C:\Program Files\Java\jre7\bin\JdbcOdbc.dll.tmp
C:\Program Files\Java\jre7\bin\management.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe N/A

The NLS\Language key holds the system default locale (the value APIs such as GetSystemDefaultLangID report); ransomware families commonly read it to skip machines in particular locales. The sandbox logs only the key open, not the value read or whether execution branched on it, so on its own the event is not evidence of a locale exclusion.
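Detection logic for the three behavioural signatures above (mass rename with an appended extension, .tmp drops under Program Files, and the NLS\Language key open), as an added example that is not part of the report: it profiles per-process telemetry lines and flags a process once its appended-extension renames cross a threshold across several directories, keeping the Program Files .tmp count and the language-key read as corroborating context rather than as triggers. The key="value" log format, the process IDs, the `.locked` extension, the victim paths, the benign PIDs and the thresholds are all constructed for the example; the report does not state which extension this sample appends.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Thresholds are illustrative assumptions; the sandbox counted 2281 and 2647 renames in its two runs.
MIN_APPENDED_RENAMES = 5
MIN_DISTINCT_DIRS = 3
NLS_LANGUAGE_KEY = r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_event(line: str) -> dict:
    """Parse one key="value" telemetry line (a constructed format, not a real sensor's)."""
    return dict(KV_RE.findall(line))


def appended_extension(src: str, dst: str):
    """Return 'ext' when a rename turned src into src + '.ext' in place, else None."""
    if dst.lower().startswith(src.lower() + ".") and "\\" not in dst[len(src):]:
        return dst[len(src) + 1:].lower() or None
    return None


def profile_processes(lines):
    """Accumulate the three signals per process ID."""
    prof = defaultdict(lambda: {"appended": Counter(), "dirs": set(),
                                "pf_tmp": 0, "lang_key": False})
    for line in lines:
        ev = parse_event(line)
        if "pid" not in ev:
            continue
        p, kind = prof[ev["pid"]], ev.get("event")
        if kind == "RegistryOpen" and ev.get("key", "").lower() == NLS_LANGUAGE_KEY.lower():
            p["lang_key"] = True                        # System Language Discovery
        elif kind == "FileCreate":
            path = ev.get("path", "").lower()
            if path.endswith(".tmp") and path.startswith("c:\\program files"):
                p["pf_tmp"] += 1                        # Drops file in Program Files directory
        elif kind == "FileRename":
            ext = appended_extension(ev.get("from", ""), ev.get("to", ""))
            if ext:                                     # Renames files with added extension
                p["appended"][ext] += 1
                p["dirs"].add(str(PureWindowsPath(ev["from"]).parent).lower())
    return prof


def verdicts(prof) -> dict:
    """Flag a process once appended-extension renames are both numerous and spread out."""
    out = {}
    for pid, p in prof.items():
        n = sum(p["appended"].values())
        flagged = n >= MIN_APPENDED_RENAMES and len(p["dirs"]) >= MIN_DISTINCT_DIRS
        out[pid] = {
            "appended_renames": n,
            "dominant_ext": p["appended"].most_common(1)[0][0] if n else None,
            "distinct_dirs": len(p["dirs"]),
            "program_files_tmp": p["pf_tmp"],
            "lang_key_read": p["lang_key"],
            "verdict": "ransomware-like" if flagged else "benign",
        }
    return out


# Constructed telemetry: PID 1236 mimics the sandbox run, the other PIDs are benign noise.
VICTIM_FILES = [
    r"C:\Program Files\7-Zip\Lang\ru.txt",
    r"C:\Program Files\7-Zip\Lang\mr.txt",
    r"C:\Program Files\Java\jre7\bin\klist.exe",
    r"C:\Program Files\Java\jre7\lib\alt-rt.jar",
    r"C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg",
    r"C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png",
    r"C:\Users\Admin\Documents\budget.xlsx",
]


def constructed_log() -> list:
    lines = ['event="RegistryOpen" pid="1236" key="%s"' % NLS_LANGUAGE_KEY]
    for f in VICTIM_FILES:
        lines.append('event="FileCreate" pid="1236" path="%s.tmp"' % f)
        lines.append('event="FileRename" pid="1236" from="%s" to="%s.locked"' % (f, f))  # placeholder extension
    # An editor's save-as and a backup tool appending a single .bak: neither should fire.
    lines.append(r'event="FileRename" pid="4120" from="C:\Users\Admin\notes.txt" to="C:\Users\Admin\notes-v2.txt"')
    lines.append(r'event="FileRename" pid="5008" from="C:\Users\Admin\app.db" to="C:\Users\Admin\app.db.bak"')
    return lines


if __name__ == "__main__":
    for pid, v in verdicts(profile_processes(constructed_log())).items():
        print(pid, v)
```

The directory-spread condition is what keeps a backup job or an installer writing many `.bak` or `.tmp` files in one tree from tripping the rule; on real EDR data the thresholds should be set per-minute rather than per-run, since the sandbox's counts above were reached inside a 120 s kernel window.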

Processes

C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe

"C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe"

Network

N/A

Files

memory/1236-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

MD5 62c1098d46f143d8668749a24fa18224
SHA1 bc4389113fb9b27340cd17e0ca6918e85161f3b9
SHA256 f54b961e4f15b14b94d90c5795b827fb92036c474f391f8b4dd14bf14f0fe988
SHA512 883af88ca5e25b32066b477c8023bc8364db29cb38c426627ba1034eb527e2690aa47b50b9f7f22d8c564619b191c0ffe679e2debf3efdc5938a9c127f3b2eef

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

MD5 a887a827759deba4299468c8efe985f8
SHA1 9413c4c0ba050d9f0337e056b43dc80a42a58664
SHA256 56b0baa3c314840b01088c132aa7c728095c2cdb6d7f57d1cd38f750744c349d
SHA512 6a9b3117e2d7e3041a33eb15cd80e7396efbe5ed34f90b7e71558a00c924bd2135c3240c35df9cde98837dd89f6d4d667de9075aa06693114dc762a7a49e8ab8

memory/1236-58-0x0000000000400000-0x000000000040B000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-14 09:42

Reported

2024-11-14 09:46

Platform

win10v2004-20241007-en

Max time kernel

120s

Max time network

103s

Command Line

"C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe"

Signatures

Renames multiple (2647) files with added filename extension
Tag: ransomware (no per-indicator rows recorded; the paths touched appear under Drops and Files below)

UPX packed file
Tag: upx (no per-indicator rows recorded)

Drops file in Program Files directory

Description: File created (all 64 rows). Process: C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe (all rows). Target: N/A. Each indicator is a new .tmp file written beside an existing file under C:\Program Files.

Indicator
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Runtime.Loader.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ja\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\cs\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\it\UIAutomationClient.resources.dll.tmp
C:\Program Files\7-Zip\Lang\va.txt.tmp
C:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\System.Windows.Extensions.dll.tmp
C:\Program Files\Java\jre-1.8\bin\javacpl.cpl.tmp
C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveNoDrop32x32.gif.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\WindowsBase.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ru\System.Windows.Forms.Primitives.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\tr\PresentationUI.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\de\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\keytool.exe.tmp
C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\System.Xaml.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\policytool.exe.tmp
C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.WebSockets.Client.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Runtime.Numerics.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Classic.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\tr\WindowsFormsIntegration.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\PresentationFramework-SystemData.dll.tmp
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.tmp
C:\Program Files\Common Files\System\msadc\msdaprst.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll.tmp
C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tabskb.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\WindowsBase.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\ru\WindowsBase.resources.dll.tmp
C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp
C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\it\System.Windows.Forms.Design.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pl\UIAutomationClient.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\amd64\jvm.cfg.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Threading.Tasks.Extensions.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.IO.Packaging.dll.tmp
C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.tmp
C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml.tmp
C:\Program Files\Common Files\System\ado\msado25.tlb.tmp
C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Reflection.Metadata.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\PresentationFramework.Luna.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\Microsoft.VisualBasic.Forms.resources.dll.tmp
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe.tmp
C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\local_policy.jar.tmp
C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.tmp
C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp
C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.tmp
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe.tmp
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.NameResolution.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\Microsoft.Win32.SystemEvents.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\ReachFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\pt-BR\ReachFramework.resources.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.2\pt-BR\System.Windows.Controls.Ribbon.resources.dll.tmp
C:\Program Files\Internet Explorer\ExtExport.exe.tmp
C:\Program Files\Common Files\System\msadc\msadce.dll.tmp
C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Net.Sockets.dll.tmp

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe

"C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 212.20.149.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 20.49.80.91.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp

All eight rows are reverse-DNS (PTR) queries to Google Public DNS; the table records no hostname lookups and no destination other than 8.8.8.8:53. Reversing the in-addr.arpa labels gives 52.191.219.104, 192.229.221.95, 52.167.249.196, 52.149.20.212, 13.95.31.18, 91.80.49.20, 199.232.210.172 and 52.111.236.22, addresses that mostly fall in Microsoft and CDN ranges Windows contacts in the background. Treat this as sandbox noise rather than sample C2 unless a process-level capture ties the queries to PID 5104; the Windows 7 run (behavioral1) recorded no network activity at all.

Files

memory/5104-0-0x0000000000400000-0x000000000040B000-memory.dmp

C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

MD5 006c2b1b5f15c8277e55adc5563155db
SHA1 14671cd300b3c33cd2455a21d5a4e9934152cbc4
SHA256 c0e6987d57a8efdb4b884e9d3fa68a8d30ebc8d3bc34e40e346d667ba3360e76
SHA512 6af49169552a525a0cc1f00b9882266eed1ed8ebeee8456b90ce2d099619f206b4dbacda68b62b9283e10fe46b6fd1dbfc39023a7f4ffdfeeaa1c5303038ee66

C:\Program Files\7-Zip\7-zip.dll.tmp

MD5 b9b4c1e9d537df9581163503c19b22f2
SHA1 d9d33ed56f769ae0dcabd8f609d17de14c650991
SHA256 622531b2ac4849f157245c05acda7b245c56f4cde652bb1c258e4c56dce69cb3
SHA512 7a33867f81f7a85fc2b53d84efdc291d298ef6c47b8e84ba2cfc66695c96201103062dfce99bac267a0f384e7a3b8a187f8a3a8010de8e2ef226e0e074cf9597

memory/5104-592-0x0000000000400000-0x000000000040B000-memory.dmp