139547f9eefe6e8bde87c7f14bb466c42f310562e05f053cf2d53a451656898c

Analysis

max time kernel
194s
max time network
201s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 16:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7b3eb285c88aea348280f90833b31427.exe
Size

481KB
MD5

7b3eb285c88aea348280f90833b31427
SHA1

e28770801d83c4a55316e6c6ca9385d40233a5bd
SHA256

139547f9eefe6e8bde87c7f14bb466c42f310562e05f053cf2d53a451656898c
SHA512

0ee7fff3b3133c48270ab123c5a9c913c61563d5691e38d08f7c6b149aad767abd65d4dec11f6cf3c96fb5a49b9f51a34e7e1f74a1329c6fb56e8df77ddb67f0
SSDEEP

6144:P+fAz16PHyUycgZ8KfjDwOniAa4EwjhOs/pot3rfwJmSVw:P+Iz16fPycgZfbDp9HOHtL8mSi

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-635608581-3370340891-292606865-1000\desktop.ini	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-635608581-3370340891-292606865-1000\desktop.ini	7b3eb285c88aea348280f90833b31427.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\bg.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt-br.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-tw.txt	7b3eb285c88aea348280f90833b31427.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ky.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ro.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-cn.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\vi.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.id-id.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sv.txt	7b3eb285c88aea348280f90833b31427.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\descript.ion	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lv.txt	7b3eb285c88aea348280f90833b31427.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tg.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\an.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eo.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ru.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip.chm	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\es.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ar.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fa.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hi.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sk.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ta.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ext.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pl.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hy.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\en.ttt	7b3eb285c88aea348280f90833b31427.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.tr-tr.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fur.txt	7b3eb285c88aea348280f90833b31427.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\it.txt	7b3eb285c88aea348280f90833b31427.exe

C:\Users\Admin\AppData\Local\Temp\7b3eb285c88aea348280f90833b31427.exe
"C:\Users\Admin\AppData\Local\Temp\7b3eb285c88aea348280f90833b31427.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
594KB

MD5
954cf23c0090b84235373f84032c4adc

SHA1
5fbc63a56141f0c0c6e26ecb3d95ea96a9583b60

SHA256
18bfde374485a308d273b817f57ebc7523d25520b43c8c5a7248a1a0e028595d

SHA512
2e5576391009d93f4f058da34e5e78b8af856a178fe036b1a4d231f1fac5af9b07f25057379aa269fb2b3ef197cb51fb49ead126da90700bba11d409012c7756

Download Submit
memory/3600-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-45-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-95-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-150-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-153-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-156-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-159-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-214-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3600-215-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads