a09debf784a549543d6fd73213f295921554cd4aa66fe188b3f8f7e49261de8d

Analysis

max time kernel
162s
max time network
166s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 04:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52f12fb9cf9dd06a6bb4077c20d2ab48.exe
Size

7.7MB
MD5

52f12fb9cf9dd06a6bb4077c20d2ab48
SHA1

1070c1da8bffde7e2905c2395420db46b3a2fc1c
SHA256

a09debf784a549543d6fd73213f295921554cd4aa66fe188b3f8f7e49261de8d
SHA512

c9bea98e9b0f338e72682c1dad23771192534c17092d21e27d57bb838153590d7dde84b8fa6ea936b93b45776e45501404433cb7e748a858b95413e1ac909956
SSDEEP

98304:DyVPKAutLK3BDhtvS0Hpe4zbpaAKQkroGIUd3334B:uBnvjeApaAvkt/d3334B

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\desktop.ini	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\desktop.ini	52f12fb9cf9dd06a6bb4077c20d2ab48.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gl.txt	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\System\msadc\adcjavas.inc	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\DVD Maker\Pipeline.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fr.txt	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fy.txt	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\adovbs.inc	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mn.txt	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msadrh15.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\7-Zip\7-zip.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InputPersonalization.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\System\msadc\adcvbs.inc	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hi.txt	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nl.txt	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadomd.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	52f12fb9cf9dd06a6bb4077c20d2ab48.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	52f12fb9cf9dd06a6bb4077c20d2ab48.exe

C:\Users\Admin\AppData\Local\Temp\52f12fb9cf9dd06a6bb4077c20d2ab48.exe
"C:\Users\Admin\AppData\Local\Temp\52f12fb9cf9dd06a6bb4077c20d2ab48.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
13.3MB

MD5
42a2e699e5e79fc2262b9e1f5c94253b

SHA1
55da6f153a1d3556a9ea9dd4d7567e3988e35b56

SHA256
38605534767bca2271a535faa8d393108567432fffd0318c724f2a165bc42648

SHA512
3a4f2e65f1a34c4b196e5b1dc4c84ba902a8242e8d92161d01e94dd489f05b2f4ccf2a8a14b64b3b5ce37e1dcce05b47ed64cb2f6ce56c6116727364ebd5c10f

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2796-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2796-12-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2796-33-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2796-110-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2796-208-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2796-235-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads