8f97ea0514a368fd099715fb2bffc7d7480530a03631b78762e5e8f9b8a1e6f5

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0026eb355cd9b90a546bd29c110913f1.exe
Size

4.9MB
MD5

0026eb355cd9b90a546bd29c110913f1
SHA1

61744e7088086f0bb1faed13f1be176970a8a042
SHA256

8f97ea0514a368fd099715fb2bffc7d7480530a03631b78762e5e8f9b8a1e6f5
SHA512

02d462bc1de595ce2c1dd2b15fca745678e2c3fc98f18c7e4098a8da6307c4d84bbb262ac1ae11e88a2001ec81646bae460f8b5f6479000a8321315a2394e8d3
SSDEEP

49152:IYDYoyyYDYmYgGd3334IOdYrpJgWb2n8yIyiVPh74Gzqmf6aGgKq9+Qn/Jf4MgVl:JMoyckGd3334tKYXrwVegzyVPKAd

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3470981204-343661084-3367201002-1000\desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Eurosti.TTF	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\Common.fxh	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\desktop.ini	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\wab32.dll	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\BackupClear.emf	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.rll	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\DVD Maker\it-IT\OmdProject.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\7-Zip\descript.ion	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaprst.dll	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\en-US\wab32res.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sv.txt	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tr.txt	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdatl3.dll	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hi.txt	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	0026eb355cd9b90a546bd29c110913f1.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL	0026eb355cd9b90a546bd29c110913f1.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcer.dll	0026eb355cd9b90a546bd29c110913f1.exe

C:\Users\Admin\AppData\Local\Temp\0026eb355cd9b90a546bd29c110913f1.exe
"C:\Users\Admin\AppData\Local\Temp\0026eb355cd9b90a546bd29c110913f1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
1.9MB

MD5
c6a6fbaa9374ed2e74309f66bc8b2936

SHA1
f86573e97726bbc3e717fb4bd0cc595af833873f

SHA256
2bf169f46095fc0489f2bbd93dff8a580fb747dfc0a29257cf49cf7cd80be8d5

SHA512
f8fb3e8a4b6bb1c78bd25ade9739ed65d5bb0aae87e183afc97efbcdca1271fb7343761d780223938e188e79fa83755833465829113e6b26a03180d86ffd5934

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2384-227-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads