fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e

Analysis

max time kernel
150s
max time network
52s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 13:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
Size

44KB
MD5

ab0f795a828c9b3eb8b597c17cc6913f
SHA1

a19a0539a91d0f97bbfd6275a9b048aed41c901c
SHA256

fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e
SHA512

4f093036fbe00835db5b5edb125a68fa9c5c0fca5b4eb1c6c58deaafa11c3e3787fe6403d467c4a0b73307ec03deed6c26ccb9490d0a82e664e691222453d24d
SSDEEP

384:GBt7Br5xjL9A7AgA71FbhvxRPs689l89TcbMn8gdcbMn8gQYp/pwsfw:W7BlphA7pARFbhbs68/8cYp/pwsfw

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\7-Zip\7zG.exe.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui.tmp	fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe

C:\Users\Admin\AppData\Local\Temp\fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe
"C:\Users\Admin\AppData\Local\Temp\fe6ba96604b299ef5bcec751aec29362f649a0fdf6291534d48184117f24b05e.exe"
1⤵
- Drops file in Program Files directory
PID:1380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-4063495947-34355257-727531523-1000\desktop.ini.tmp

Filesize
44KB

MD5
718a137d0971a03b36798bc4f17f76da

SHA1
2d86612bb7ec930d0293db809e04a7805893df14

SHA256
2fc4b2e735dc271d719cfce075b3c2b0978c5dc5dcd98fbb1dfed0b37488311c

SHA512
bbffe731c8b4ed2fb13de9d9bb111714ffa176f815ebb552fe4eae9d0e432c6bbcdb582b7d3953995688b5c2ee52a67a1c676faa519a8ef05c80ec2e05476e36

Download Submit
memory/1380-54-0x00000000757A1000-0x00000000757A3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads