508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6

General

Target

508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
Size

2.8MB
MD5

b8954cf8459693343ef1d16ed643a975
SHA1

8c153541354d3365a8eabd5b541b4e1dadcf9095
SHA256

508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6
SHA512

aac83096a400cf00b031787f7d31b4fb5ebc965cad6ab8698ddef3a1672608293ef5e52ca3f0bed206b3e4c19e329831503835b66f61803e00c5d03b059cfa06

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

Processes:

508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe

description	ioc	process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2513283230-931923277-594887482-1000\desktop.ini	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2513283230-931923277-594887482-1000\desktop.ini	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\desktop.ini	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\desktop.ini	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe

Drops file in Program Files directory 64 IoCs

Processes:

508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\System\DirectDB.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\si.txt	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ky.txt	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdaremr.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hr.txt	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\SecretST.TTF	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\br.txt	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado25.tlb	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\System\msadc\handsafe.reg	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv	508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe

C:\Users\Admin\AppData\Local\Temp\508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe
"C:\Users\Admin\AppData\Local\Temp\508a1a0a90a6386e7c25ee6d301568d0fa5b3d900bb22e84d7bbf885a01eaaa6.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-59-0x00000000765F1000-0x00000000765F3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing