f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201

General

Target

f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
Size

9KB
MD5

04da21c104ea3e996c4fbdc496475743
SHA1

0231ea30add2fa0c06167c8929f8b523ef4d1356
SHA256

f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201
SHA512

918d4459e5e3741ac0eee222bf9e5e81365e7fd5a2a046f3e7e21ceb7788dd1c735ca895048ef04e8e1af49b6dc45cd1bb60b8bcb5caa49b51a148329899a73a

Score

8^/10

ransomware spyware stealer

Malware Config

Signatures

Modifies extensions of user files 4 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Pictures\WatchStart.tiff	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Users\Admin\Pictures\CompleteBlock.tiff	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Users\Admin\Pictures\ShowGrant.tiff	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Users\Admin\Pictures\StartResolve.tiff	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

Drops startup file 1 IoCs

Processes:

f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Drops desktop.ini file(s) 41 IoCs

Processes:

f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

description	ioc	process
File created	C:\Users\Admin\Desktop\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Links\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Searches\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Public\Music\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Saved Games\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Favorites\Links\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Pictures\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Public\Videos\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Public\Pictures\Sample Pictures\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Favorites\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Public\Videos\Sample Videos\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Downloads\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Music\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Public\Pictures\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Favorites\Links for United States\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Public\Music\Sample Music\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Contacts\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\Videos\desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

Drops file in Program Files directory 64 IoCs

Processes:

f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

description	ioc	process
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\de-DE\TipBand.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\Office64MUISet.XML	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CASCADE\THMBNAIL.PNG	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\DEEPBLUE\DEEPBLUE.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\HostSideAdapters\Microsoft.VisualStudio.Tools.Office.Excel.HostAdapter.v10.0.dll	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\msdadc.dll	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.CNT	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\micaut.dll	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proofing.en-us\Proofing.XML	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\INDUST.ELM	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\JOURNAL\JOURNAL.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\OPHPROXY.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACERECR.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\COMPASS.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CONCRETE\CONCRETE.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\INDUST\PREVIEW.GIF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\fr-FR\msadcer.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Proof.en\Proof.XML	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\LAYERS\THMBNAIL.PNG	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BREEZE\BREEZE.ELM	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\PIXEL\THMBNAIL.PNG	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.config	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\COMPASS\COMPASS.ELM	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\es-ES\TipBand.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\VBAJET32.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\GreenBubbles.jpg	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CANYON\CANYON.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\PREVIEW.GIF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\STUDIO\STUDIO.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\de-DE\msaddsr.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEWDAT.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLUECALM\THMBNAIL.PNG	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\CAPSULES\PREVIEW.GIF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\1033\VBOB6.CHM	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\x86\VSTARemotingServer.dll	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\de-DE\msdaremr.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\eqnedt32.exe.manifest	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office.en-us\PSS10O.CHM	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\14\BIN\FPWEC.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.TTS	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\msdaprsr.dll	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\1033\ACEINTL.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\AXIS\PREVIEW.GIF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\BLENDS\PREVIEW.GIF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\SpeechEngines\Microsoft\TTS20\en-US\enu-dsk\M1033DSK.UNT	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\msadc\it-IT\msdaremr.dll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OSetupPS.dll	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File created	C:\Program Files (x86)\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FPERSON.DLL	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\SONORA\SONORA.INF	f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe

C:\Users\Admin\AppData\Local\Temp\f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe
"C:\Users\Admin\AppData\Local\Temp\f21cda69b887bd2c296a48614c12b32c251a2822be81bcb0dabbc4439b04f201.bin.exe"
1⤵
- Modifies extensions of user files
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1032

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1032-54-0x0000000001360000-0x0000000001368000-memory.dmp

Filesize
32KB

Download
memory/1032-55-0x00000000758D1000-0x00000000758D3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads