0da8b2ecfa4c52965dab17fda28b7c6a65dda92c99285a4e216b1dbb609397ec

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

20d25a78a51f7eed8764f76c63159e96.exe
Size

348KB
MD5

20d25a78a51f7eed8764f76c63159e96
SHA1

f3561246462cf186b8bfa066d4610abb24133be8
SHA256

0da8b2ecfa4c52965dab17fda28b7c6a65dda92c99285a4e216b1dbb609397ec
SHA512

a23220f68becb6f6df23644f0454f789a5cb322797b3a481aa1f2b764133fcfa8f1e06eb44e458518b422f04bf659e1bb46ba67eb85161b3ab98218718ebad71
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMQ:JXEkqeolrix1c60yT

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2398549320-3657759451-817663969-1000\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2398549320-3657759451-817663969-1000\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\desktop.ini	20d25a78a51f7eed8764f76c63159e96.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\oledbvbs.inc	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Primitives.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ja\UIAutomationClient.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\bg-BG\tipresx.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado15.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Threading.AccessControl.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.Aero.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Collections.Concurrent.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationTypes.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\pt-BR\Microsoft.VisualBasic.Forms.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Intrinsics.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\WindowsBase.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ko\Microsoft.VisualBasic.Forms.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.exe	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\System.Windows.Forms.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ast.txt	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\InkObj.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\PresentationFramework.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\Microsoft.VisualBasic.Forms.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\cs\UIAutomationClient.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-1-0.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\Microsoft.VisualBasic.Forms.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\WindowsBase.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\rtscom.dll	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\System.Windows.Input.Manipulations.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\it.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\UIAutomationClient.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui	20d25a78a51f7eed8764f76c63159e96.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdfmap.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Core.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\zh-Hant\System.Windows.Forms.Primitives.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\af.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hr.txt	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.NameResolution.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Windows.Forms.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	20d25a78a51f7eed8764f76c63159e96.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\PresentationFramework.resources.dll	20d25a78a51f7eed8764f76c63159e96.exe

C:\Users\Admin\AppData\Local\Temp\20d25a78a51f7eed8764f76c63159e96.exe
"C:\Users\Admin\AppData\Local\Temp\20d25a78a51f7eed8764f76c63159e96.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
460KB

MD5
4f42dd1474561d1621d65b79d3af6235

SHA1
10783df38b0ba4e8810b43d01a8cb4acb0469e4d

SHA256
0cea87e77e747c2553c988aa891a350c878f7154083cf92624f55db5a9dfd1ab

SHA512
940914821951bcfa927f688baaf51075ad3164e5277d343d1a6f3bfb3f6f66823960bb410a65bf90fed1c32da60f93626b40d797a8f21993c5bf10ef3d6124c2

Download Submit
memory/2948-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2948-72-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads