4f9fb64705c52f02e717c04e9e428940b27b6f7535b528ed56cf3de830da9abe

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00c3377736e24a2f457fa1177b9ca833.exe
Size

12.0MB
MD5

00c3377736e24a2f457fa1177b9ca833
SHA1

14480c7693af25156796783a15b73776bece5517
SHA256

4f9fb64705c52f02e717c04e9e428940b27b6f7535b528ed56cf3de830da9abe
SHA512

a4ac34fbb49cf889f09271afecd6b6d14db8d9e7ab248f0bf853a3a315bef812a94d17907079b806e17620008722cf865bacb0349a9bfedd66e52c73da57def6
SSDEEP

98304:ZV+yVPKAmtLK3BDhtvS0Hpe4zbpaAKQkroGI3UbYZfgs0Qlxd:3BnvjeApaAvktWU64sN

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\desktop.ini	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\desktop.ini	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-2444714103-3190537498-3629098939-1000\desktop.ini	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2444714103-3190537498-3629098939-1000\desktop.ini	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	00c3377736e24a2f457fa1177b9ca833.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\FlickLearningWizard.exe.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msdaosp.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\Common.fxh	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\DVD Maker\PipeTran.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadrh15.dll	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ku-ckb.txt	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\7-Zip\Uninstall.exe	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui	00c3377736e24a2f457fa1177b9ca833.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Services\verisign.bmp	00c3377736e24a2f457fa1177b9ca833.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	00c3377736e24a2f457fa1177b9ca833.exe

C:\Users\Admin\AppData\Local\Temp\00c3377736e24a2f457fa1177b9ca833.exe
"C:\Users\Admin\AppData\Local\Temp\00c3377736e24a2f457fa1177b9ca833.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
663KB

MD5
d4e2b07d27980ce5adb552ea5703c78b

SHA1
c680d1a362f3642343b4c633d3771da34724b165

SHA256
288949e65fb29848bf2ff5289223f602b44c3ead64854db3f0aff429d2713584

SHA512
41675ef4617eaca023cd2fd2c36abfa83d1a2d27b38bd794d16def65aeecfafc69980d9d3b014127a2ab66e68cf180831826b630650f99ae5d06f30f3d9d351d

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2432-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-26-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-28-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-30-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-35-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-88-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-100-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-209-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2432-241-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads