9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202

Analysis

max time kernel
150s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 05:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
Size

13KB
MD5

1a79027869a0de4121236fa5704f60fe
SHA1

a4203abeed3da9c3ddeb6522c55d396b7eb0f4e8
SHA256

9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202
SHA512

058a2e96a6cafc429dacfa748b3ba0f9686d5163e4c35041af93ddb104550b0c392aeba0d8d9ae24c92e47269c4c1ce862138f63b14f8e22191cc86acd16568a
SSDEEP

384:8Oa+ijNOY9rkyIDaFErNSrzNvOcal9qgeOA+e:Z1uAkERoZp9OAn

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\desktop.ini	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\desktop.ini	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\System\msadc\msadcor.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\bin\ij	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derby.jar	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\az.txt	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ko_KR.jar	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\java.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\jvisualvm.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\pack200.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\jconsole.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\tnameserv.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\xjc.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ps.txt	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado60.tlb	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\lib\psfontj2d.properties	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\zh-CN.pak	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\bin\startNetworkServer	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Internet Explorer\iexplore.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_ja_JP.jar	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InkObj.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdarem.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ar.txt	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng.txt	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\cs.pak	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\sawindbg.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\am.pak	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\msvcr120.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\nb.pak	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\WindowsAccessBridge-64.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\bin\jstat.exe	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyclient.jar	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sa.txt	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\si.txt	9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe

C:\Users\Admin\AppData\Local\Temp\9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe
"C:\Users\Admin\AppData\Local\Temp\9158b4b9d0c0f4f80965a6d0a7007b6d7761224c6cf6020fa19d67627393c202.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1932

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads