Analysis
max time kernel: 122s
max time network: 146s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
submitted: 22/12/2023, 04:15
Static task
static1: 1 signatures

Behavioral task
behavioral1
Sample: 61b5b44949812bf50a0edef89b02ae20.exe
Resource: win7-20231215-en
1 signatures
150 seconds

Behavioral task
behavioral2
Sample: 61b5b44949812bf50a0edef89b02ae20.exe
Resource: win10v2004-20231215-en
1 signatures
150 seconds
General
Target: 61b5b44949812bf50a0edef89b02ae20.exe
Size: 148KB
MD5: 61b5b44949812bf50a0edef89b02ae20
SHA1: 1ed24bf260dcd35b25fb8b01b0c3bda52cf9025f
SHA256: 5e93d0f7e7e9264e8b3cdf6a53805732ffbf5cda6ad16eccd7b211a71ecccece
SHA512: e226080fe1ce94420a89bebf40db8d19d6b9852c2f6d89b6be71c0be7067d7a248da117bd70d8c55f253da8ebbe3a61ade9371d33b497ebb5f3d3937a6d612c9
SSDEEP: 3072:R6QEa7TFNeL9jxcnS5mbVfAhzZDXwnsYtbSLVJAnog:R6QHTX2jxD5hZXw7ZKJAn
Score: 4/10
Malware Config
Signatures
Drops file in Program Files directory 50 IoCs