6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f

Resubmissions

15-06-2022 10:54

220615-mzmccsdgel 10

15-06-2022 10:49

220615-mwxzpagfb4 10

15-06-2022 10:44

220615-ms8a9agef6 10

Analysis

max time kernel
151s
max time network
99s
platform
windows7_x64
resource
win7-20220414-en
submitted
15-06-2022 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
Size

54KB
MD5

057d8c68bf4ce08bda3f9bd96c04bd25
SHA1

60428ec831ff15fe3e5019e8517af06da1196b96
SHA256

6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f
SHA512

87a48943600a1d5782edaf76fd422d3d66e571a2f907dc99dddded81e25275b8fb332e04f79078d90d2a7abcdcc95c7dc10244ef91c3f272b9bbbbd180db17a4

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 11 IoCs

description	ioc	Process
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2277218442-1199762539-2004043321-1000\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Stationery\Desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-heapwalker.xml	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\css\RSSFeeds.css	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\LISTS\BASMLA.XSL	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.attach.zh_CN_5.5.0.165303.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\settings.html	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Font\AdobePiStd.otf	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\QUAD\THMBNAIL.PNG	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guatemala	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_cloudy.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jre7\bin\server\Xusage.txt	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\javafx.properties	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\UCT	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\feature.properties	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvSOFT.x3d	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kamchatka	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\fr-FR\ChkrRes.dll.mui	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\QuickTime.mpp	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\ink\mraut.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\AddInViews\Microsoft.Office.Tools.v9.0.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Anadyr	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt_3.103.1.v20140903-1938.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hu\LC_MESSAGES\vlc.mo	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\gadget.xml	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Macau	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core_visualvm.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\Microsoft.Build.Engine.resources.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libtwolame_plugin.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\drag.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\settings.html	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Kosrae	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libheadphone_channel_mixer_plugin.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\liboggspots_plugin.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Media Player\Media Renderer\connectionmanager_dmr.xml	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\gadget.xml	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\nb.pak	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ceuta	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Internet Explorer\en-US\F12.dll.mui	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_splitter\libwall_plugin.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-search.xml	6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe

C:\Users\Admin\AppData\Local\Temp\6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe
"C:\Users\Admin\AppData\Local\Temp\6c39c5f5d143700d4ad43b0aa7fb6a51e77817060467cf3462ef037176e1f50f.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/292-54-0x0000000075BF1000-0x0000000075BF3000-memory.dmp

Filesize
8KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads