302dc3bfba06f57eceff7ce7b7819d48a7baef163bc44723f5c5a74b8fdd7dda

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00332cb9e549a3151505b7ce5b246118.exe
Size

9.4MB
MD5

00332cb9e549a3151505b7ce5b246118
SHA1

46fba1780a40a3cd79c68d13417bd241ad28acc9
SHA256

302dc3bfba06f57eceff7ce7b7819d48a7baef163bc44723f5c5a74b8fdd7dda
SHA512

0f690d91549e825a32878a54721bc9f08d88aec9c37c248e9719770fa0710c7b1a7919e20741887fffdade9640d9627c6ac1ba25b86f112fd0946553e4cf56df
SSDEEP

98304:AR2ESEubDm0VAaIMcxwY2sajeBiqVmrgq8no:spuGzaZI7zzmMno

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\desktop.ini	00332cb9e549a3151505b7ce5b246118.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcfr.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledb32.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\DirectDB.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadce.dll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\DVD Maker\directshowtap.ax	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadomd.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcor.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\DVD Maker\PipeTran.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.rll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tk.txt	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	00332cb9e549a3151505b7ce5b246118.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\va.txt	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	00332cb9e549a3151505b7ce5b246118.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	00332cb9e549a3151505b7ce5b246118.exe

C:\Users\Admin\AppData\Local\Temp\00332cb9e549a3151505b7ce5b246118.exe
"C:\Users\Admin\AppData\Local\Temp\00332cb9e549a3151505b7ce5b246118.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
3.0MB

MD5
1e170fbfc501cbd8bfe973b8811898ec

SHA1
a1b1b7b52e9ebbf0d2728037ab9e78b77ac9fdeb

SHA256
527463b70c57ea73fd2c5ba38a92592d0f2b91ca5fb17121e98b94326aa53ce5

SHA512
6d8cd65ea128cee6887d99b4abf1983d6978219c47353cf9928d3fc7e1918af1b2ca1b2840df10e32781f11d09c57fe2c52b77f03acfc6ac8ba5a11cb6a4cf5f

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1720-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1720-232-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads