593ab30f149f092ea47419963149b945e853a240752b81c9c46bdf91a0993655

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 04:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6903d22b4b1fbcec8c2cb00ca8287543.exe
Size

44KB
MD5

6903d22b4b1fbcec8c2cb00ca8287543
SHA1

ae351d8d5ebf0d0f61a016032bc43534edba8609
SHA256

593ab30f149f092ea47419963149b945e853a240752b81c9c46bdf91a0993655
SHA512

bf066228133d63c546942b13458193f9219a170fb7a5ecad4720984f3db6154ec61396a3120384246a398a1133339b1bf9c0a0c4402904c9a444d2c590d787f2
SSDEEP

768:A3DBHqqCjY59YJiWbV891GSsl2QzcOsp9eCNb7YDCT9riEhtnGsgnmITeogLC:A31qUY/VuYrsbeSorirgm6t

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\mspub.exe.manifest	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sqlcecompact35.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sqlceer35EN.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\msdatasrc.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\DVD Maker\OmdProject.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\libEGL.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Apex.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Internet Explorer\D3DCompiler_47.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OART.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\XLCPRTID.XML	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\UseLock.ttc	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\CNFNOT32.EXE	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Microsoft.Office.BusinessApplications.RuntimeUi.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\XOCR3.PSP	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\DVD Maker\ja-JP\OmdProject.dll.mui	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-time-l1-1-0.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\shortcuts_log.ini	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Horizon.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSACC.OLB	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\mset7es.kic	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSRuntime.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Installed_schemas14.xss	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\THIRDPARTYLICENSEREADME.txt	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\DirectDB.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Austin.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MYSL.ICO	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\ONPPTAddin.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\pdm.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Pushpin.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSCOL11.INF	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\SIGNUP\install.ins	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Flow.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\TWCUTLIN.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\updater.ini	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\softokn3.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Installed_resources14.xss	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft SQL Server Compact Edition\v3.5\sqlceca35.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOUTL.OLB	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\OFFXML.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Adjacency.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\EMSMDB32.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\mscss7wre_fr.dub	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\misc.exe	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSWORD.OLB	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NL7Data0011.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\OutRepair.potx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NL7Lexicons0011.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\XIMAGE3B.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.ICO	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\LOOKUP.DAT	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PEOPLEDATAHANDLER.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Common Files\System\wab32res.dll	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Document Themes 14\Slipstream.thmx	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\PUBTRAP.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files\DVD Maker\es-ES\OmdProject.dll.mui	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSCOL11.PPD	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\NL7Models0011.DLL	6903d22b4b1fbcec8c2cb00ca8287543.exe
File opened for modification	C:\Program Files (x86)\MSBuild\Microsoft.Office.InfoPath.targets	6903d22b4b1fbcec8c2cb00ca8287543.exe

C:\Users\Admin\AppData\Local\Temp\6903d22b4b1fbcec8c2cb00ca8287543.exe
"C:\Users\Admin\AppData\Local\Temp\6903d22b4b1fbcec8c2cb00ca8287543.exe"
1⤵
- Drops file in Program Files directory
PID:1340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1340-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads