157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828

General

Target

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
Size

26KB
MD5

1771be569a027108f7f10bb08c13da6d
SHA1

a491e4873931bd391add507ca86576c7955fef07
SHA256

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828
SHA512

44b15e7e154dcbdc7f405662571c76479de4d696be5849da27a85b7d38344e20ed07964ddc0e01122bda9dd14689fe5a43904e2072e0c1b3b95d484aaa56c327
SSDEEP

384:8Oa+ijNOY9rkyIDaFErNSrzNvOcal9qgeOEOa+ijNOY9rkyIDaFErNSrzNvOcalN:Z1uAkERoZp9Ox1uAkERoZp9OAk

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

Processes:

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

description	ioc	process
File created	\??\c:\$Recycle.Bin\S-1-5-21-4246620582-653642754-1174164128-1000\desktop.ini	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-4246620582-653642754-1174164128-1000\desktop.ini	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

Drops file in Program Files directory 64 IoCs

Processes:

157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

description	ioc	process
File opened for modification	\??\c:\Program Files\7-Zip\7-zip.chm	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bg.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nb.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hy.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nn.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\micaut.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\System\ado\msador15.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gu.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\TipRes.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fr.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\History.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hr.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pa-in.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tiptsf.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tr.txt	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe

C:\Users\Admin\AppData\Local\Temp\157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe
"C:\Users\Admin\AppData\Local\Temp\157e106a1dbddc29858ba0a6e0ab744093c10737f9e59b43d379dcf84418d828.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1756

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads