2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff

Analysis

max time kernel
44s
max time network
151s
platform
windows10_x64
resource
win10v20210410
submitted
22-07-2021 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
Size

1.3MB
MD5

0e55ead3b8fd305d9a54f78c7b56741a
SHA1

f7b084e581a8dcea450c2652f8058d93797413c3
SHA256

2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff
SHA512

5c3d58d1001dce6f2d23f33861e9c7fef766b7fe0a86972e9f1eeb70bfad970b02561da6b6d193cf24bc3c1aaf2a42a950fa6e5dff36386653b8aa725c9abaaa

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-3686645723-710336880-414668232-1000\desktop.ini	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Stationery\Desktop.ini	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\desktop.ini	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\ConvertProtect.php.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\about.html	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-attach.xml	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\msoadfsb.exe.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLSERVER.EXE.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-math-l1-1-0.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.scale-100.png	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\libcrypto-1_1-x64.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\rsod\proof.es-es.msi.16.es-es.tree.dat.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\msmdlocal.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\xmsrv.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\jre\bin\jfxmedia.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Tw Cen MT-Rockwell.xml	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\ReportingServicesNativeClient.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AppvIsvSubsystems64.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Data.DataFeedClient.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Candara.xml	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\C2R64.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-crt-heap-l1-1-0.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\rsod\officemuiset.msi.16.en-us.boot.tree.dat.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\wordicon.exe	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3102-0000-1000-0000000FF1CE.xml.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogoSmall.scale-100.png	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL012.XML.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL103.XML.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\MSB1CORE.DLL	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Windows\Installer\{90160000-000F-0000-1000-0000000FF1CE}\pptico.exe	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-io.xml.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\EXPTOOWS.DLL.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\System.Web.Mvc.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Picasso.Sampler.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msvcp140.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Office 2007 - 2010.xml.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\Addons\OneDriveSetup.exe	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogo.scale-80.png.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-modules-spi-actions.xml.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\STSLIST.DLL	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LivePersonaCard\images\default\linkedin_ghost_company.png.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Send2Fluent.png	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\CSS7DATA000A.DLL	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\jdwp.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\LyncBasic_Eula.txt	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Office.Interop.Excel.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODDBS.DLL	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLMF.DLL.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\ARCTIC\THMBNAIL.PNG.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\api-ms-win-crt-utility-l1-1-0.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-180.png	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\salesforce.ini	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\EXPEDITN\THMBNAIL.PNG	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.CRYPT	2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe

C:\Users\Admin\AppData\Local\Temp\2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe
"C:\Users\Admin\AppData\Local\Temp\2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3416

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads