530e4a75f9f5a2c7364e7cffa604baee0c023278bb1c90d4434f16cfc971531a

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

010c62e22a37e742a7ea347a58c86366.exe
Size

3.9MB
MD5

010c62e22a37e742a7ea347a58c86366
SHA1

a2dd17da81fce6943e76f21989433c772bec7719
SHA256

530e4a75f9f5a2c7364e7cffa604baee0c023278bb1c90d4434f16cfc971531a
SHA512

caf26cd40e605ab8c0ac8fbf064f46282e0c38813e70a7161859141096ff225d490360d9490e788a38b2f9ae346d71029b0c47fb96019bf0b491589e64ea229d
SSDEEP

49152:m0MLfUkhbuRKwpB3UJuxtxujXabE+Qn/Jf4MgVrVjnTKAdf:m0eH0UJuxtxCaGyVPKAd

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3601492379-692465709-652514833-1000\desktop.ini	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3601492379-692465709-652514833-1000\desktop.ini	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\desktop.ini	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\desktop.ini	010c62e22a37e742a7ea347a58c86366.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\7-Zip\readme.txt	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\desktop.ini	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ne.txt	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\ado\msader15.dll	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\DVD Maker\directshowtap.ax	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fy.txt	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\DVD Maker\PipeTran.dll	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.rll	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcfr.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui	010c62e22a37e742a7ea347a58c86366.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	010c62e22a37e742a7ea347a58c86366.exe

C:\Users\Admin\AppData\Local\Temp\010c62e22a37e742a7ea347a58c86366.exe
"C:\Users\Admin\AppData\Local\Temp\010c62e22a37e742a7ea347a58c86366.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
3.9MB

MD5
abf313b833cde5981bf744e93a182761

SHA1
32b8c4a00ad3da0522c249876a1f483a81c3fc35

SHA256
478cee4130a1c2f739307d57a76d46edf185f6ee52d4bf1953453544b495cecf

SHA512
60736fe785ead39fe55efca4d480cb134251fc969b0c9e33cd0085d941a656f427be8cda7221f6fe5cc3cd365a62a972901b9ae86274b95de93126329e26afc5

Download Submit
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/3068-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3068-231-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads