5191e1c5c2767dfdc2317285fc3c03cc5b08e481be29597f9abfb255d7b1500f

Analysis

max time kernel
129s
max time network
138s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6eb1e9c805834377a6f1389897d09040.exe
Size

366KB
MD5

6eb1e9c805834377a6f1389897d09040
SHA1

a6ed0297c919e18a52f46a8925a05cf89a629945
SHA256

5191e1c5c2767dfdc2317285fc3c03cc5b08e481be29597f9abfb255d7b1500f
SHA512

a4952c447d9aff4d7c374375055673ee3d2345cade93e0fe04d541631ec15da9080758fa9dfc293985c1f7dd66fd33f3809a0b5d76c28e2a3ac5eb6550120477
SSDEEP

6144:DhwF5w6dLyCXlHWslyPlxPDHt/OE+WvwROFCD0u0i/ls:1wFQCxlyfPDEWvwROFCD0u0i/ls

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2444714103-3190537498-3629098939-1000\desktop.ini	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2444714103-3190537498-3629098939-1000\desktop.ini	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\desktop.ini	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\desktop.ini	6eb1e9c805834377a6f1389897d09040.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\7-zip.chm	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sr-spl.txt	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\DVD Maker\Eurosti.TTF	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\LICENSE	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Internet Explorer\ieproxy.dll	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lt.txt	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\si.txt	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\br.txt	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ps.txt	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\access-bridge-64.jar	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Internet Explorer\pdmproxy100.dll	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\an.txt	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\et.txt	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msader15.dll	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak	6eb1e9c805834377a6f1389897d09040.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png	6eb1e9c805834377a6f1389897d09040.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui	6eb1e9c805834377a6f1389897d09040.exe

C:\Users\Admin\AppData\Local\Temp\6eb1e9c805834377a6f1389897d09040.exe
"C:\Users\Admin\AppData\Local\Temp\6eb1e9c805834377a6f1389897d09040.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2480

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
603KB

MD5
a19af00fc1bf4f75958377c73e6892b4

SHA1
c2d04d8d426f9957247e3a622e3da9c9c5229c52

SHA256
29d55495c49387b40273157c724e4e6a5bcfe902ce472808f2458b6c78558ec2

SHA512
608450e482d0febc8466018e184d2c1ba3c9e5ebbc17beeefe68336557cd620ec8d8c38dfd9e71599fc454f3a546871c68ad59eecfa0e94766a0468ea1db5aa9

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer

Filesize
5KB

MD5
6b99099c6a9b959f824e420676fe3dc8

SHA1
ba9e3b5f2f7f710d263272019be5bf5db33bf614

SHA256
34d5d8dc208ef8c73bb46fb3002fa22b8954d52a4e53be3c56b9801aeab56918

SHA512
dfe061ddec4106e68c8ea789009b0e6bf7d27072bebd0bdb724e4ccadd215b9122b04198bbc362753e2b35af16d993ddf89b44b29bb79c0e7a16eeb97f3b3d26

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2480-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-41-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-51-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-203-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-231-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-247-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2480-684-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads