d1cca6db1134ec29e3437549054dfefc21ac209b1842077e737bcddb2c2b36e5

Analysis

max time kernel
140s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17edb8a7356024c270fa3cfe57de8f1c.exe
Size

238KB
MD5

17edb8a7356024c270fa3cfe57de8f1c
SHA1

65482c38d88adc4be4fa09171fb520e209c266d6
SHA256

d1cca6db1134ec29e3437549054dfefc21ac209b1842077e737bcddb2c2b36e5
SHA512

550c758d6cd72c58b575a4a9a8fdb371a36cd9af830bfe4056492c64fd5daa1835568348949016f3868923fb0cde111d67c779666964bd6d5b564e592eabead8
SSDEEP

6144:He+fp7f6ixTmAcThAkZThMTMgixTmAcThAkZThMTM1:++oix1c60yTix1c60yE

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-2398549320-3657759451-817663969-1000\desktop.ini	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2398549320-3657759451-817663969-1000\desktop.ini	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\Program Files\desktop.ini	17edb8a7356024c270fa3cfe57de8f1c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\UIAutomationClientSideProviders.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\UIAutomationClient.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Controls.Ribbon.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\System.Xaml.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Input.Manipulations.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Claims.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationFramework.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Configuration.ConfigurationManager.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clretwrc.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ja-jp.xml	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.Native.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\Microsoft.VisualBasic.Forms.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationNative_cor3.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\ktab.exe	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado20.tlb	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TraceSource.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox28.tlb	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\System.Windows.Forms.Primitives.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationProvider.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledb32.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXml.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\ReachFramework.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\he.txt	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.IsolatedStorage.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\it-IT\iexplore.exe.mui	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\legal\jdk\bcel.md	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nb.txt	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-processthreads-l1-1-0.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Aero.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Security.Cryptography.Xml.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\micaut.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-libraryloader-l1-1-0.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-locale-l1-1-0.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\WindowsBase.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\PresentationUI.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pl\UIAutomationProvider.resources.dll	17edb8a7356024c270fa3cfe57de8f1c.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	17edb8a7356024c270fa3cfe57de8f1c.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	17edb8a7356024c270fa3cfe57de8f1c.exe

C:\Users\Admin\AppData\Local\Temp\17edb8a7356024c270fa3cfe57de8f1c.exe
"C:\Users\Admin\AppData\Local\Temp\17edb8a7356024c270fa3cfe57de8f1c.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
350KB

MD5
b293bcf81634fb75929ea20b849188c7

SHA1
bcb5617f9e9006acd78002a94dd6cd872210d832

SHA256
9d6caf58a72629026a812a34df990bd92cabb1e384b38e9bfa1602d4ec08a1b0

SHA512
f59bb97c0b4245e929625ad8f05c6080c756d55e615eecd3469ed032ced7958bec6c5c0a2e17ed7136fa157d5c1df7426ad8111cdafbfdc3e80b7ba7531bd481

Download Submit
memory/4856-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/4856-224-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads