5588700ef91120c52067e8b541c748c3d20ad8848a01349191993080b843f3fb

Analysis

max time kernel
168s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

143866f94ece458dfd65cb553b9e49ca.exe
Size

128KB
MD5

143866f94ece458dfd65cb553b9e49ca
SHA1

aa001aeb57acace0a4ab62c01def7d4311a5c360
SHA256

5588700ef91120c52067e8b541c748c3d20ad8848a01349191993080b843f3fb
SHA512

ea0d4a718c171113e35c01a90d856eafe7c1a0d336d2cf77ce1f5e3d141dcc376ca336350992595c08f6f6954d05c27c96159b475a7a209276ab6d81c3960476
SSDEEP

1536:WInERoZ54OF/tQi99rtuUXKIs4/18bz/uf3YTpIPzo6TtxY9UzGbGz+DVrex1amk:BnEOei99xNKkOzyIT2PzfTyRNrex1amk

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-983843758-932321429-1636175382-1000\desktop.ini	143866f94ece458dfd65cb553b9e49ca.exe
File created	\??\c:\Program Files\desktop.ini	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\desktop.ini	143866f94ece458dfd65cb553b9e49ca.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-ppd.xrm-ms	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sa.txt	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\System.Windows.Forms.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Xaml.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Grace-ul-oob.xrm-ms	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.AccessControl.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\sunmscapi.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\sspi_bridge.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\jpeg.md	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\ssvagent.exe	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.OpenSsl.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\ReachFramework.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_MAK-ul-phn.xrm-ms	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\DebugWait.m4a	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\.version	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Concurrent.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\psfontj2d.properties	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Timer.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\PresentationCore.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\net.properties	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Threading.Tasks.Extensions.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ppd.xrm-ms	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages.properties	143866f94ece458dfd65cb553b9e49ca.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Xaml.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\Excel2019VL_MAK_AE-ul-phn.xrm-ms	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Presentation.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\policytool.exe	143866f94ece458dfd65cb553b9e49ca.exe
File created	\??\c:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\dom.md	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\ext\zipfs.jar	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\ReachFramework.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File created	\??\c:\Program Files\Internet Explorer\ExtExport.exe	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationFramework.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Diagnostics.PerformanceCounter.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\logging.properties	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll	143866f94ece458dfd65cb553b9e49ca.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\UIAutomationProvider.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\WindowsBase.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\ucrtbase.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationTypes.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\legal\jdk\joni.md	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Microsoft Office\root\Licenses16\O365EduCloudEDUR_Grace-ppd.xrm-ms	143866f94ece458dfd65cb553b9e49ca.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Mail.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\UIAutomationClientSideProviders.resources.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\cmm\sRGB.pf	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jre-1.8\lib\security\java.policy	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\7-Zip\License.txt	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.DiaSymReader.Native.amd64.dll	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\legal\javafx\webkit.md	143866f94ece458dfd65cb553b9e49ca.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak	143866f94ece458dfd65cb553b9e49ca.exe

C:\Users\Admin\AppData\Local\Temp\143866f94ece458dfd65cb553b9e49ca.exe
"C:\Users\Admin\AppData\Local\Temp\143866f94ece458dfd65cb553b9e49ca.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
240KB

MD5
af4307454adff03807196884d77b3046

SHA1
9f81c53c6abcd08cc1ee175a03f8f530b42d8876

SHA256
f8a7850059c9337673b0ba69238bd709e237478cabcb3066d79245955352d22e

SHA512
77703f3e51613a2aaaab96fc7731fa8d2716f26a7c0d4558bc465139bf32b0f06c0a19a7e41b62f60e75d8f2b0e5dd9c9dfb3bf4107a9f36d8467dd608e4874a

Download Submit
C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ul-phn.xrm-ms

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/3892-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3892-389-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads