2c35f0cbef3450b3974266d7ffbb256d552585d0a366732d487d3e2839a96870

Analysis

max time kernel
172s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3666c708775556b8befcef5d263476ad.exe
Size

358KB
MD5

3666c708775556b8befcef5d263476ad
SHA1

7eabecb98d6a0682201ac6110dc4e3d901c1d5ee
SHA256

2c35f0cbef3450b3974266d7ffbb256d552585d0a366732d487d3e2839a96870
SHA512

fbb82c12135c7dbfa6b7dbfa56677e7882e7c4c98010aac05f3ce055f3b42b2d0192921b0185f2c88efe9c40a32ffd1f790523546d635694d969af22206bda11
SSDEEP

3072:a2i99xNKk62SexOQtnxrLfH4GPMsS4tPz818aOLAnqxcsXTYefpsxExaZbOn0CPJ:P+fAmJ9PMO5u8XOOoZbbCPPIvydguN

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-996941297-2279405024-2328152752-1000\desktop.ini	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-996941297-2279405024-2328152752-1000\desktop.ini	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\desktop.ini	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\desktop.ini	3666c708775556b8befcef5d263476ad.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Queryable.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Primitives.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Diagnostics.EventLog.Messages.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bn.txt	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.AccessControl.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\cs\System.Windows.Forms.Design.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\PresentationFramework.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hi.txt	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Console.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Quic.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Data.Common.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.ServicePoint.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.DataContractSerialization.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.DiaSymReader.Native.amd64.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\System.Windows.Forms.Design.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\PresentationCore.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.MemoryMappedFiles.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado25.tlb	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationNative_cor3.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Extensions.dll	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\ReachFramework.resources.dll	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\UIAutomationProvider.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-interlocked-l1-1-0.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Primitives.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fi.txt	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledb32.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Extensions.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Accessibility.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\vcruntime140_cor3.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-timezone-l1-1-0.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-util-l1-1-0.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hans\PresentationUI.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\af.txt	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.Native.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsBase.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\System.Windows.Forms.Primitives.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Aero2.dll	3666c708775556b8befcef5d263476ad.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipscht.xml	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-private-l1-1-0.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll	3666c708775556b8befcef5d263476ad.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hans\PresentationCore.resources.dll	3666c708775556b8befcef5d263476ad.exe

C:\Users\Admin\AppData\Local\Temp\3666c708775556b8befcef5d263476ad.exe
"C:\Users\Admin\AppData\Local\Temp\3666c708775556b8befcef5d263476ad.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
248KB

MD5
b3ca63912a6eb090d9308a4703776f9d

SHA1
d39b42be4226b77babd3891393ada5d24fadaad7

SHA256
acd376737dcd8037531492180032d5636f2a3c2f60f57a8625083be591450dc9

SHA512
d8c27e92af1633372bbdb69ace825a78b991e6387a9abfa831b6065cb26f2652f7d732b51297b90969a296d277b0a010bcaf1ebd36bd3e689f2f5ca62d4a8ad1

Download Submit
memory/4492-625-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-207-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-208-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-209-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-214-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-856-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-858-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-860-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-862-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-864-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-1154-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4492-1220-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads