Analysis
-
max time kernel
122s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
29-12-2023 21:26
Static task
static1
Behavioral task
behavioral1
Sample
0468c7b0d19979c4d8039be61440c745.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0468c7b0d19979c4d8039be61440c745.exe
Resource
win10v2004-20231215-en
General
-
Target
0468c7b0d19979c4d8039be61440c745.exe
-
Size
5.0MB
-
MD5
0468c7b0d19979c4d8039be61440c745
-
SHA1
33b241223665b8693afcf73e9969311d8f18dc9d
-
SHA256
de093935871c78892664b422ff2141d0e8b18e7fa9515d387754042b820faa87
-
SHA512
e8cfb33138143a127c53641b2c55f6168db19645b39f16b02873f175e1b13cc9582f3d322b9ff5bd95191f65a232fb9714cc1b5f5657eaf644e5cdf2ff924ff7
-
SSDEEP
49152:PgWb2n8yIyiVPh74Gzqmf6aGgKqhI8boQhfD6UDvxvykXk1rBsgyegFKvc4clwY:YXrwVegTDm
Malware Config
Signatures
-
Drops desktop.ini file(s) 6 IoCs
description ioc Process
File created \??\c:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini 0468c7b0d19979c4d8039be61440c745.exe
File opened for modification \??\c:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini 0468c7b0d19979c4d8039be61440c745.exe
File created \??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini 0468c7b0d19979c4d8039be61440c745.exe
File opened for modification \??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini 0468c7b0d19979c4d8039be61440c745.exe
File created \??\c:\Program Files\desktop.ini 0468c7b0d19979c4d8039be61440c745.exe
File opened for modification \??\c:\Program Files\desktop.ini 0468c7b0d19979c4d8039be61440c745.exe
-
Drops file in Program Files directory 64 IoCs
Processes
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
220KB
MD5 4dfb28300b0a8ed2077cb08c1a9ba18e
SHA1 64e7fdfa2d2c3962220fcfa65fb858ccdb3d1cbc
SHA256 2b0d73bdd4b21f85d89347a81c6a0a7da38cf5f04afa2038b280ba1c48ae241c
SHA512 b95d192319adcfcbb57726de051e0b367b73ec0c01a3246498b878dfefde348fb19366c1428d6027ae90dd38d3eb40a5bec7c2464d10867880127d11fd2d1b12
-
Filesize
5B
MD5 b5b682b742431a52ea8b17c72ad9c572
SHA1 326320f469235708c59f678c9a7357dca552d306
SHA256 30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76
SHA512 4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163