Analysis

max time kernel: 171s
max time network: 183s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 11/10/2022, 23:25
Static task: static1

Behavioral task: behavioral1
Sample: 801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb.exe
Resource: win7-20220901-en
2 signatures
150 seconds

Behavioral task: behavioral2
Sample: 801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb.exe
Resource: win10v2004-20220812-en
2 signatures
150 seconds
General

Target: 801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb.exe
Size: 13KB
MD5: 02533a445096a1cebe788051f582c5d4
SHA1: 40a976960ade52fda7a6064552d02e2293b97b6e
SHA256: 801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb
SHA512: f7ead5428ff581ac99467f7a5c9536f6bb26cb0572c4fd8d24c8ae087f6c462c9b6eb753c5629630dffabee76beb8c67e12986b991f8da1926a06ab24ed74e7f
SSDEEP: 384:8Oa+ijNOY9rkyIDaFErNSrzNvOcal9qgeOiv:Z1uAkERoZp9OM
Score: 6/10
Malware Config
Signatures

Drops desktop.ini file(s) (4 IoCs)
Process for every row: 801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb.exe

description | ioc
File opened for modification | \??\c:\Program Files\desktop.ini
File created | \??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini
File created | \??\c:\Program Files\desktop.ini
Drops file in Program Files directory (64 IoCs)
Process for every row: 801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb.exe

description | ioc
File opened for modification | \??\c:\Program Files\7-Zip\readme.txt
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui
File created | \??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll
File created | \??\c:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\bin\wsgen.exe
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\lib\security\US_export_policy.jar
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar
File opened for modification | \??\c:\Program Files\7-Zip\Lang\va.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.inf
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\conticon.gif
File opened for modification | \??\c:\Program Files\BackupSave.mpg
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml
File opened for modification | \??\c:\Program Files\Common Files\System\ado\msadomd.dll
File created | \??\c:\Program Files\Common Files\System\Ole DB\oledb32r.dll
File opened for modification | \??\c:\Program Files\CompressWrite.shtml
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\MEIPreload\manifest.json
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui
File created | \??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\v8_context_snapshot.bin
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\lib\deploy\messages_pt_BR.properties
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.zh_CN_5.5.0.165303.jar
File opened for modification | \??\c:\Program Files\7-Zip\Lang\he.txt
File opened for modification | \??\c:\Program Files\Common Files\System\Ole DB\msdatl3.dll
File opened for modification | \??\c:\Program Files\Common Files\System\wab32res.dll
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\jre\bin\rmiregistry.exe
File opened for modification | \??\c:\Program Files\7-Zip\Lang\fy.txt
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\META-INF\MANIFEST.MF
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb
File opened for modification | \??\c:\Program Files\Common Files\System\ado\msador28.tlb
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml
File created | \??\c:\Program Files\Common Files\System\msadc\adcvbs.inc
File opened for modification | \??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE
File opened for modification | \??\c:\Program Files\Common Files\System\ado\msadrh15.dll
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png
File opened for modification | \??\c:\Program Files\Common Files\System\ado\adojavas.inc
File opened for modification | \??\c:\Program Files\7-Zip\Lang\ms.txt
File opened for modification | \??\c:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
File created | \??\c:\Program Files\Common Files\System\ado\msado27.tlb
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\db\lib\derbyLocale_pl.jar
File created | \??\c:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui
File created | \??\c:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui
File created | \??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui
File opened for modification | \??\c:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
File created | \??\c:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.properties
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\org.apache.felix.gogo.shell_0.10.0.v201212101605.jar
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\Locales\ko.pak
File opened for modification | \??\c:\Program Files\Google\Chrome\Application\89.0.4389.114\VisualElements\SmallLogoBeta.png
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties
File opened for modification | \??\c:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.historicaldata_5.5.0.165303.jar
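The two signature tables above are rendered as one flat run of "description ioc Process" rows, with paths that contain spaces and wrap across lines, which makes them awkward to feed into a watchlist or a detection rule. The following parser is an added example written for this page; it is not the sandbox's own code or export format. It assumes every row starts with one of the two event descriptions seen in this report and ends with a single-token process name, and it uses a constructed subset of the rows shown above as input. It turns the rows into records and aggregates them the way a triage analyst would: which process did the writes, created versus modified counts, which directory trees were hit, and which rows are desktop.ini drops.

```python
"""Parse flattened sandbox file-activity rows ("description ioc Process") into
structured records and summarise what the sample touched.

Added example for this report, not the sandbox's own code. The row layout is
inferred from the rows shown on the page: <description> <NT path> <process>,
rows run together, paths may contain spaces and may wrap across lines.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Event descriptions present in this report's signature tables. Assumption:
# other reports may use more (e.g. deletions); add them here if they appear.
OPERATIONS = ("File opened for modification", "File created")
_OP_ALT = "|".join(re.escape(op) for op in OPERATIONS)

# One row = <operation> <path with spaces> <process>. Because rows run together,
# the path is matched lazily and the process token is accepted only when it is
# followed by the next row's operation or by the end of the text. This is what
# keeps a path that itself ends in ".exe" (wsgen.exe below) from being taken as
# the process column.
ROW_RE = re.compile(
    rf"(?P<op>{_OP_ALT})\s+"
    r"(?P<path>\\\?\?\\.+?)\s+"
    r"(?P<proc>\S+)"
    rf"(?=\s+(?:{_OP_ALT})\b|\s*$)"
)


@dataclass(frozen=True)
class FileEvent:
    operation: str
    path: str
    process: str


def parse_rows(text: str) -> list[FileEvent]:
    """Return every file event in the flattened table text, in page order."""
    flat = " ".join(text.split())  # undo line wrapping and runs of spaces
    return [
        FileEvent(m.group("op"), m.group("path"), m.group("proc"))
        for m in ROW_RE.finditer(flat)
    ]


def top_dir(path: str, depth: int = 3) -> str:
    r"""Drop the NT '\??\' prefix and the file name, keep at most `depth`
    directory components: '\??\c:\Program Files\7-Zip\readme.txt' ->
    'c:\Program Files\7-Zip'."""
    parts = path.removeprefix("\\??\\").split("\\")
    return "\\".join(parts[:-1][:depth])


def summarize(events: list[FileEvent]) -> dict:
    """Aggregate events for triage: writing process(es), created vs modified,
    directory trees touched, and desktop.ini drops listed separately."""
    return {
        "processes": sorted({e.process for e in events}),
        "by_operation": dict(Counter(e.operation for e in events)),
        "by_directory": dict(Counter(top_dir(e.path) for e in events)),
        "desktop_ini": sorted(
            e.path for e in events if e.path.lower().endswith("\\desktop.ini")
        ),
    }


PROC = "801712840b1c1ce917fa61d09eadce9e5df2fd08e6747073f93730a0c24f5ffb.exe"

# Constructed input: a subset of this report's rows, flattened and line-wrapped
# the way the page renders them (note the break inside "Program Files").
SAMPLE = rf"""description ioc Process File opened for modification \??\c:\Program Files\desktop.ini {PROC} File created \??\c:\$Recycle.Bin\S-1-5-21-2629973501-4017243118-3254762364-1000\desktop.ini {PROC}
File opened for modification \??\c:\Program Files\7-Zip\readme.txt {PROC} File created \??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll {PROC} File opened for modification \??\c:\Program
Files\Java\jdk1.8.0_66\bin\wsgen.exe {PROC} File created \??\c:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll {PROC}"""


if __name__ == "__main__":
    evts = parse_rows(SAMPLE)
    for e in evts:
        print(f"{e.operation:<28} {e.path}")
    for key, value in summarize(evts).items():
        print(f"{key}: {value}")
```

Pasting the full 64-row table from this page into `SAMPLE` works the same way; the `by_directory` counts then show how the writes spread across the 7-Zip, Common Files, Java and Chrome trees, and `processes` confirms that a single process performed all of them.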