94e51082998cd183a07ea168a3395bc9e3faa55b14dd2ff48607a46a53ee1711

Analysis

max time kernel
180s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 10:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17c93b332ed7adc5c70424d5edf3a9e8.exe
Size

300KB
MD5

17c93b332ed7adc5c70424d5edf3a9e8
SHA1

325c92cd6313c1a4bb7ef37cd40e2c1aba0f3173
SHA256

94e51082998cd183a07ea168a3395bc9e3faa55b14dd2ff48607a46a53ee1711
SHA512

09263294758b3b2f339b7b6292ca7957d4bd96045c9ec1ea53552a8e9938b40ff78c7234e29aee88967dc0f3140e0d81fddaf57307d825950e82025ec7259456
SSDEEP

6144:Hwq+TyiYixTmAcThAkZThMTMp7WVoUBJoZDWL4JVVTBR:qXYix1c60yq7QVbo7JVVT/

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-928733405-3780110381-2966456290-1000\desktop.ini	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-928733405-3780110381-2966456290-1000\desktop.ini	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\desktop.ini	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\desktop.ini	17c93b332ed7adc5c70424d5edf3a9e8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\et.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\DirectDB.dll	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\adcjavas.inc	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\co.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lt.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fy.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tk.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kaa.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Services\verisign.bmp	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado15.dll	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	17c93b332ed7adc5c70424d5edf3a9e8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\License.txt	17c93b332ed7adc5c70424d5edf3a9e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	17c93b332ed7adc5c70424d5edf3a9e8.exe

C:\Users\Admin\AppData\Local\Temp\17c93b332ed7adc5c70424d5edf3a9e8.exe
"C:\Users\Admin\AppData\Local\Temp\17c93b332ed7adc5c70424d5edf3a9e8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
3.9MB

MD5
93ab4f71e2acdfe45fcc3a4f754ecd57

SHA1
3b4790414709a2ca7570f75b3510b5dde181c6eb

SHA256
9a647f997b8b4187818d212ebb217eefe244b44d7159a7405f36346663835a1c

SHA512
31bd70efd558a4ea7bfe5d4930d1100a5bb26c51c5b70dbecec220d8a72a82e90ace7be1c3440509e9e7baf3e48cc72483628faa6eb2283ac6d2aaf7fa32d817

Download Submit
memory/2688-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2688-21-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads