0da8b2ecfa4c52965dab17fda28b7c6a65dda92c99285a4e216b1dbb609397ec

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d25a78a51f7eed8764f76c63159e96.exe
Size

348KB
MD5

20d25a78a51f7eed8764f76c63159e96
SHA1

f3561246462cf186b8bfa066d4610abb24133be8
SHA256

0da8b2ecfa4c52965dab17fda28b7c6a65dda92c99285a4e216b1dbb609397ec
SHA512

a23220f68becb6f6df23644f0454f789a5cb322797b3a481aa1f2b764133fcfa8f1e06eb44e458518b422f04bf659e1bb46ba67eb85161b3ab98218718ebad71
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMQ:JXEkqeolrix1c60yT

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\Program Files\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3601492379-692465709-652514833-1000\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3601492379-692465709-652514833-1000\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.properties.src	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ext.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\WMM2CLIP.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\Common.fxh	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_fr.jar	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\ieproxy.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\MemoryAnalyzer.dll	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\libxslt.dll	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipRes.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gif	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tabskb.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm	20d25a78a51f7eed8764f76c63159e96.exe

C:\Users\Admin\AppData\Local\Temp\20d25a78a51f7eed8764f76c63159e96.exe
"C:\Users\Admin\AppData\Local\Temp\20d25a78a51f7eed8764f76c63159e96.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2520

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
92KB

MD5
71a3b61ff0b69fd1dc69b373a5b800f4

SHA1
8e9f5a74ef71f546f5dca08aad807981ebd8d4dd

SHA256
232c931ad63ebc073dcdef1b5e9873a635b1f27740504cd9381de425a07e2c05

SHA512
234ac6cf546a27256a38d45c780c1a5337bf00f75b4cdd6d080c050332d8da2805d7bb27a18537471a5e168a152a103882893a0ccc7d8b1e66e59afa50847798

Download Submit
memory/2520-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2520-605-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads