Analysis Overview
SHA256
264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a
Threat Level: Likely malicious
The file 264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a was found to be: Likely malicious. The verdict rests on the behavioral1 run: the unsigned PE, launched from the user's Temp directory with no arguments, renamed 5252 existing files by appending a .tmp extension (each logged below as a File created event for the new name) within the 150 s detonation window. The affected paths span unrelated vendor trees under Program Files (Java, Microsoft Office, .NET, 7-Zip, Chrome, Internet Explorer) and reach outside it (the user's $Recycle.Bin desktop.ini); that breadth, not the .tmp suffix itself, is what separates the behaviour from an installer or updater writing temporary files in its own product directory. The two remaining signatures carry little weight on their own: an unsigned PE is common for benign software, and opening HKLM\SYSTEM\ControlSet001\Control\NLS\Language also happens during ordinary locale lookups, although the ATT&CK mapping (System Language Discovery) is given because malware does use the system language to decide whether to run.
Malicious Activity Summary
Renames multiple (5252) files with added filename extension
Drops file in Program Files directory
Unsigned PE
System Location Discovery: System Language Discovery
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-05-15 07:23
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-05-15 07:23
Reported
2025-05-15 07:26
Platform
win10v2004-20250502-en
Max time kernel
150s
Max time network
140s
Command Line
Signatures
Renames multiple (5252) files with added filename extension
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\rsod\word.x-none.msi.16.x-none.boot.tree.dat.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\cs\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\zh-Hans\Microsoft.VisualBasic.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Internet Explorer\ieinstal.exe.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest5-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\ProjectProXC2RVL_MAKC2R-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\api-ms-win-core-timezone-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EQUATION\vccorlib140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Controls.Ribbon.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\de\System.Windows.Forms.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\pl\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\tr\System.Windows.Forms.Primitives.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\tr\System.Xaml.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jdk-1.8\jre\lib\cmm\LINEAR_RGB.pf.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\SIST02.XSL.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.IO.FileSystem.DriveInfo.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial3-pl.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL109.XML.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\VPREVIEW.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\kaa.txt.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\netstandard.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Security.Cryptography.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\System.Diagnostics.EventLog.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\133.0.6943.60\WidevineCdm\LICENSE.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusEDUR_SubTrial-ul-oob.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\es.txt.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Net.NetworkInformation.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\pt-BR\PresentationUI.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\US_export_policy.jar.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\PowerPntLogo.scale-80.png.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSOCR.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\WORDICON.EXE.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.15\System.Memory.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\es\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pl\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioProXC2RVL_KMS_ClientC2R-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogo.contrast-black_scale-140.png.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\PublisherVL_MAK-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MSIPC\et\msipc.dll.mui.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\WindowsFormsIntegration.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\StandardMSDNR_Retail-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ppd.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\msotelemetry.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\EURO\MSOEURO.DLL.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\sk.txt.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\fr\UIAutomationProvider.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\1033\WordNaiveBayesCommandRanker.txt.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\wordvisi.ttf.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\7.0.16\pt-BR\UIAutomationClient.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.15\tr\UIAutomationClientSideProviders.resources.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\deploy\messages_zh_TW.properties.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ul-phn.xrm-ms.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
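The signature that fired above is a count-and-spread heuristic: one process gives many pre-existing files, across many unrelated directories, the same new trailing extension. The following is an added example, not the sandbox's own detection code, that applies that idea to the report's own File created rows. The sample input is a constructed subset of eight rows copied from the table plus one made-up row for a hypothetical installer (setup.exe writing a single .tmp file); the thresholds and the function names are assumptions chosen for illustration.

```python
"""Count-and-spread heuristic behind the sandbox signature
'Renames multiple (N) files with added filename extension'.

Added example, not the sandbox's own code. It parses rows of the form
'| File created | <path> | <process> | <target> |' and flags a process that
gives many existing files, spread over many directories, one and the same
new trailing extension. Thresholds are illustrative assumptions.
"""
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# One report row: '| File created | <path> | <process> | <target> |'
ROW_RE = re.compile(
    r"^\|\s*File created\s*\|\s*(?P<path>[^|]+?)\s*\|\s*(?P<proc>[^|]+?)\s*\|"
)

# Constructed input: eight rows copied from the report, plus one made-up row
# for a hypothetical installer (setup.exe) that writes a single .tmp file.
SAMPLE_ROWS = r"""
| File created | C:\Program Files\Java\jdk-1.8\jre\bin\npt.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.AnalysisServices.Excel.BackEnd.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Internet Explorer\ieinstal.exe.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\7-Zip\Lang\kaa.txt.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Google\Chrome\Application\133.0.6943.60\WidevineCdm\LICENSE.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Requests.dll.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Microsoft Office\root\Office16\MEDIA\CAMERA.WAV.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Java\jre-1.8\lib\ext\sunmscapi.jar.tmp | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
| File created | C:\Program Files\Example App\app.dll.tmp | C:\Users\Admin\AppData\Local\Temp\setup.exe | N/A |
"""


def parse_events(report_text):
    """Return (created_path, process) pairs for every File created row."""
    events = []
    for line in report_text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            events.append((m.group("path"), m.group("proc")))
    return events


def split_added_suffix(path):
    """Split 'npt.dll.tmp' into ('npt.dll', '.tmp'); None if nothing to strip.

    The original name keeps its own extension, which is the pattern of an
    encryptor that appends a marker instead of replacing the extension.
    """
    name = PureWindowsPath(path)
    if not name.suffix or not name.stem:
        return None
    return name.stem, name.suffix.lower()


def detect_mass_rename(events, threshold=20, min_dirs=3):
    """Flag (process, added extension) pairs that exceed both thresholds.

    threshold: minimum number of files given the same new extension.
    min_dirs:  minimum number of distinct parent directories; an installer
               touches one product tree, an encryptor touches many.
    """
    per_proc = defaultdict(lambda: {"count": Counter(), "dirs": defaultdict(set)})
    for path, proc in events:
        split = split_added_suffix(path)
        if split is None:
            continue
        _, added = split
        per_proc[proc]["count"][added] += 1
        per_proc[proc]["dirs"][added].add(str(PureWindowsPath(path).parent).lower())

    hits = []
    for proc, stats in per_proc.items():
        for added, n in stats["count"].most_common():
            dirs = stats["dirs"][added]
            if n >= threshold and len(dirs) >= min_dirs:
                hits.append({
                    "process": proc,
                    "added_extension": added,
                    "files": n,
                    "directories": len(dirs),
                    "program_files_dirs": sum(
                        d.startswith(r"c:\program files") for d in dirs
                    ),
                })
    return hits


if __name__ == "__main__":
    # On the report's full 5252 rows the defaults fire; the nine-row subset
    # needs a lower threshold to show the output shape.
    for hit in detect_mass_rename(parse_events(SAMPLE_ROWS), threshold=5):
        print(hit)
```

The sandbox does not publish its own rule or thresholds, so the defaults here are guesses; what matters is that both conditions are required. Counting files alone would flag a large installer, and counting directories alone would flag a file-indexing tool, but one process appending one extension to thousands of files across Java, Office, .NET, 7-Zip and Chrome trees has no benign explanation on a sandbox image.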
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe
"C:\Users\Admin\AppData\Local\Temp\264ea0a12ae9fb0c7d47c9aa12f17c138328ae760aaeb85f205791cddd91e53a.exe"
Network
No process is attributed to these connections in the report. www.bing.com, tse1.mm.bing.net and c.pki.goog (Google's PKI host, which Chrome contacts for certificate chain and revocation fetches) are ordinary background traffic for a Windows 10 image with Chrome installed, so they should not be treated as command-and-control indicators for the sample without process-level attribution.
| Country | Destination | Domain | Proto |
| DK | 2.19.173.67:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| FR | 142.251.37.35:80 | c.pki.goog | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3623617754-4043701611-775564599-1000\desktop.ini.tmp
| MD5 | f7731450c657cafbe470f1e9b0a5b657 |
| SHA1 | 6162d868d4b76508fae33806612a73341c136a6f |
| SHA256 | b549d5af5fdd56600a2ab16adc00666b04b15213627e26d36550509efed1f655 |
| SHA512 | 1204c1862bfa788bf2f1531aaf7f7ab515791aeb8ccd0fb40cdeeaed4558af027cc680540452d99e7cf51e3c8d9fc063446f3be0d807deec4697c5f31f2ad896 |
C:\b96a7bef2438b67e1aee\2010_x86.log.html.tmp
| MD5 | 5a331dbdad92e0d8f6098a229c01148e |
| SHA1 | 619d288c0e9ceac8a6fb09dbcb64cc311ec5cb86 |
| SHA256 | 60ec1a53fd73b70473f247cc96774ce1a038d6d39442542dfd53747e72d99206 |
| SHA512 | 1393a2331a89c6842219a332eaf753f7a888ea2f0ae3271f0a75024c4c4816c42f066b2c5e0c08cd7fe25912f056c4e7cd1c5d79686ceebe29afe1fa2c57ca2b |