157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828

General

Target

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
Size

26KB
MD5

1771be569a027108f7f10bb08c13da6d
SHA1

a491e4873931bd391add507ca86576c7955fef07
SHA256

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828
SHA512

44b15e7e154dcbdc7f405662571c76479de4d696be5849da27a85b7d38344e20ed07964ddc0e01122bda9dd14689fe5a43904e2072e0c1b3b95d484aaa56c327
SSDEEP

384:8Oa+ijNOY9rkyIDaFErNSrzNvOcal9qgeOEOa+ijNOY9rkyIDaFErNSrzNvOcalN:Z1uAkERoZp9Ox1uAkERoZp9OAk

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

Processes:

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

description	ioc	process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3406023954-474543476-3319432036-1000\desktop.ini	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3406023954-474543476-3319432036-1000\desktop.ini	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

Drops file in Program Files directory 64 IoCs

Processes:

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

description	ioc	process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng2.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hr.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\AddUnpublish.wmf	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-changjei.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sv.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sl.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\es.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fur.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lt.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\et.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hu.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kk.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nn.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

C:\Users\Admin\AppData\Local\Temp\157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
"C:\Users\Admin\AppData\Local\Temp\157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1416-54-0x00000000767B1000-0x00000000767B3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing