fe909ac6f8b1719dc08c8335d0fe1aa00bf1081848da0570c67861477643437b

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 04:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

049029fe3626f886f34a03f80f68ee82.exe
Size

2.7MB
MD5

049029fe3626f886f34a03f80f68ee82
SHA1

5b5eac7013559d9589704d5d8bb7d1d9c72ded71
SHA256

fe909ac6f8b1719dc08c8335d0fe1aa00bf1081848da0570c67861477643437b
SHA512

79c9ff221bf4b7c94fc5ac23ca5231e4f321325b47836175dae6d18c0ac5229573fdc0da28d1543bfe34d33100e7a56a7b34f395e29904caaefa6fe87ea8acb9
SSDEEP

49152:of5N666B66666666666666666y6RHywGZMC+Qn/Jf4MgVrVjnTKAdf:oyzZHyVPKAd

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\desktop.ini	049029fe3626f886f34a03f80f68ee82.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ga.txt	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox.dll	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hr.txt	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\az.txt	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox28.tlb	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eu.txt	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pl.txt	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\rtscom.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sr-spl.txt	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\wab32.dll	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Eurosti.TTF	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\System\DirectDB.dll	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\desktop.ini	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	049029fe3626f886f34a03f80f68ee82.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msaddsr.dll	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	049029fe3626f886f34a03f80f68ee82.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sw.txt	049029fe3626f886f34a03f80f68ee82.exe

C:\Users\Admin\AppData\Local\Temp\049029fe3626f886f34a03f80f68ee82.exe
"C:\Users\Admin\AppData\Local\Temp\049029fe3626f886f34a03f80f68ee82.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
8.2MB

MD5
f5e3fc5b9bd7d6d454e0b4f4ff6be6c4

SHA1
ad6aedec9719bab1f38a2fcb8f57884882248492

SHA256
c29b22dd6cf4735127d65866b7c0d55aed89201c2c467208bab6e32a6dc561a2

SHA512
1ae15c2f048eaee55d9be50fa4de8c52c7a029ee2d25b73ed616c91666c8b6353616217df4b866b29afd5c032282df384ed355a11cded1437197bfb5b4cb4779

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-15-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-202-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-233-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads