6a0e1d6f0c34ccec04b4dc54459e643fa259a51a710b86ad20c6eb0c5b0853e8

Analysis

max time kernel
8s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6b8e3ba066d093cd1f794caac9390d66.exe
Size

218KB
MD5

6b8e3ba066d093cd1f794caac9390d66
SHA1

1d07cd19725497059ae3d2cb07059ad48212da86
SHA256

6a0e1d6f0c34ccec04b4dc54459e643fa259a51a710b86ad20c6eb0c5b0853e8
SHA512

ae3562c96d35b947606238eee4d6ee0fc53f5d18dc771b7bd755040dea01d8584d26bb5aab8bb82318dd16491e39190bc5f0276366e5179401a1b4f5e88c44f7
SSDEEP

3072:aiG8txTVSO5+TyiRsGsQU4qeNMSgExAYK9daktUlU5Or0TwhV401d7GFQ0wAHO1K:Vnn+TyidqqMSbx9K9vtUl4HTKhpRipD

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\desktop.ini	6b8e3ba066d093cd1f794caac9390d66.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bg.txt	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdarem.dll	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\el.txt	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_elf.dll	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sw.txt	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaremr.dll	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\soniccolorconverter.ax	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mr.txt	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png	6b8e3ba066d093cd1f794caac9390d66.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	6b8e3ba066d093cd1f794caac9390d66.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui	6b8e3ba066d093cd1f794caac9390d66.exe

C:\Users\Admin\AppData\Local\Temp\6b8e3ba066d093cd1f794caac9390d66.exe
"C:\Users\Admin\AppData\Local\Temp\6b8e3ba066d093cd1f794caac9390d66.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
1.1MB

MD5
12872d1629ef602b7acbd13fbc8d3384

SHA1
43b944416b89e2ca02b608d0a74dbc9914c2b9d4

SHA256
e0c27e3bfcf9428282795d3ee959b82ff9764a1ab70cef0a194f01e201b75cbf

SHA512
777ec23d755f65e72f2e4b6f00491fec231fb5950d0a86f8c87e2b016b702783d4b380d92aa53a80071d48715b23f08f0fef0ea35d097fe0991436b3dfbd5644

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\epl-v10.html

Filesize
12KB

MD5
386b6087dd9575fc6b8ada0f7a463723

SHA1
5373d4ffd89438a60b8ae0858c3bc4e8d37f540a

SHA256
ef494685ac9644ba5672cfc49c6efe5e09a2d71706d5cf4b57171f7d5f7a70d1

SHA512
1d39dd2dd736431ebe0e7f16a9f10b748e522cfee03a187ad020708e48ed676a21eef6b3ac3b1f600cff2e19f1d30ca25f682fe773650b3fc97e20f0afd8557b

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf

Filesize
62B

MD5
f6dbc4b34179e10f9b6c0e2d5d24c2c6

SHA1
1c53d71700022886c41b568a9514924fd3c1c62b

SHA256
05df06e24037881941804db6ca15f7a25dd10a536b0f642e7a3d09de07256206

SHA512
25a2bc555f2e49610a0490377bf687188f7e13931cbd8e29482584e552b65a2e51fe84fa5153825517a011d7b65df831911c302ae482b23fa0b118524e8af24b

Download Submit
memory/2800-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2800-1308-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads