ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd

Resubmissions

29/10/2021, 07:54

211029-jrj1gschc3 4

29/10/2021, 07:48

211029-jnellahfbl 4

Analysis

max time kernel
131s
max time network
119s
platform
windows7_x64
resource
win7-en-20211014
submitted
29/10/2021, 07:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
Size

297KB
MD5

ebc2661a409a3a743bba237ba1bfc4e8
SHA1

1d9052ce97f4f127f2626b2ff2ee106b4f8b9a70
SHA256

ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd
SHA512

c7999fa0449fd98bd4869327189688942d3812d2d127d4e34173194af11dc2436dcd8a3fef025f5c6075372e0bccf45b859a5d2559d71c100f3281046d0ab1a6

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\lua\http\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107262.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\indxicon.gif.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0341557.JPG.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OutlookAutoDiscover\YAHOO.ES.XML.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-tabcontrol.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\review_email.gif	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.console_1.1.0.v20140131-1639.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\SaslPrep\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guayaquil.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\NA01468_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Theme Fonts\Urban.xml.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\RSSITEM.CFG.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\Places\RADAR.WAV.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\CommonData\UnreadIconImagesMask.bmp.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OEMPRINT.CAT.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\ja-JP\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO00555_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0090781.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00608_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00723_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO01044_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\kn\LC_MESSAGES\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Enderbury.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Templates\1033\BlackTieMergeLetter.dotx.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Tracker\turnOffNotificationInTray.gif	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\TypeSupport\Unicode\Mappings\Adobe\symbol.txt.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\VideoLAN\VLC\locale\da\LC_MESSAGES\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PSRCHSRN.DAT.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-awt_ja.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0099203.GIF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_ja_4.4.0.v20140623020002.jar.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files (x86)\Microsoft Office\CLIPART\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\SO02045_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\BULLETS\BD10299_.GIF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0187647.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PAGESIZE\PGLBL081.XML.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\PUBSPAPR\ZPDIR50B.GIF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\dialogs\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\PE00050_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\AUTOSHAP\BD18222_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0107134.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0174635.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0182898.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsStyles\Slate.css.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\META-INF\ECLIPSE_.SF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File created	C:\Program Files\Windows Sidebar\de-DE\message_to fmiint.log	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0282126.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-actions.xml.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\CLIPART\PUB60COR\J0151063.WMF.fmiint-sqnsxris	ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1228	AUDIODG.EXE
Token: 33	1228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1228	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
812	NOTEPAD.EXE

C:\Users\Admin\AppData\Local\Temp\ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe
"C:\Users\Admin\AppData\Local\Temp\ed1468708546ef5f94f9af204ebd2e0093deb9839704fa17dbf1328f037f86bd.exe"
1⤵
- Drops file in Program Files directory
PID:268

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\message_to fmiint.log
1⤵
- Suspicious use of FindShellTrayWindow
PID:812

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1144

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/812-55-0x000007FEFB5C1000-0x000007FEFB5C3000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads