156c3a74b50681eace55a55f3736b303ddac90b16ac7761d916940f5747a5a81

Analysis

max time kernel
152s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0766c4c26fcb1f4769b2a7a3aeb501b4.exe
Size

140KB
MD5

0766c4c26fcb1f4769b2a7a3aeb501b4
SHA1

d8e00b4b6b819731841f63ad19e397fb0948f84e
SHA256

156c3a74b50681eace55a55f3736b303ddac90b16ac7761d916940f5747a5a81
SHA512

d8788d344bbb7df13fe5b67c7ee9722eb11cb0aed7f22c04bea6b8cd66928215ab083fab824f6148cc3b67412dfc94f3389d293960fa127606445d709e19781f
SSDEEP

1536:aaqR4ON/tQi99rtuUXKIs4/18bz/uf3YTpIPzo6TtxY9UzGbreOTeY+TGx7Wac/I:a2i99xNKkOzyIT2PzfTyRSO5+TyiacA

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-996941297-2279405024-2328152752-1000\desktop.ini	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-996941297-2279405024-2328152752-1000\desktop.ini	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\desktop.ini	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\desktop.ini	0766c4c26fcb1f4769b2a7a3aeb501b4.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-interlocked-l1-1-0.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Primitives.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.MemoryMappedFiles.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Cng.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Xaml.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.Annotations.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Formats.Tar.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Reader.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\WindowsFormsIntegration.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\System.Windows.Controls.Ribbon.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationTypes.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.VisualBasic.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\EnableImport.mpg	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.EventBasedAsync.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-localization-l1-2-0.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-locale-l1-1-0.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationCore.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Windows.Forms.Design.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\br.txt	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt.txt	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Transactions.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\WindowsBase.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msador15.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.UnmanagedMemoryStream.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ReachFramework.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\it.txt	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-1-0.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Design.resources.dll	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	0766c4c26fcb1f4769b2a7a3aeb501b4.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	0766c4c26fcb1f4769b2a7a3aeb501b4.exe

C:\Users\Admin\AppData\Local\Temp\0766c4c26fcb1f4769b2a7a3aeb501b4.exe
"C:\Users\Admin\AppData\Local\Temp\0766c4c26fcb1f4769b2a7a3aeb501b4.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
252KB

MD5
0d643f12146fc3d0be3bc3253428420b

SHA1
8c9faaf5de97f417444f9f41e84fba30b93425dd

SHA256
13df4c72c61943128bd485a0bc57343ae85f0f35c5e3af766507b25613609c35

SHA512
3d33f114cbb1eb3bcc37d3eec2406453cb25dc858b4af1081d7e22d8e6e80c31e3f5f1f07a276579907953347b3a6b44aea8c2bf456230f4a4c56aeb19ac6edd

Download Submit
memory/1728-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-91-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-197-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-199-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-208-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-884-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-891-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-895-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-900-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-1219-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1728-1236-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads