82c4f64629423733f7c6229c50cbf2e468445bbefd6defa9aaaee4d4b40aea37

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
Size

28.3MB
MD5

0bcc3b9eafa5abd3e51f9e4e831b26f3
SHA1

7e1cef3fdcf0fa7dc3be06bbb36ec3ee2370e2b2
SHA256

82c4f64629423733f7c6229c50cbf2e468445bbefd6defa9aaaee4d4b40aea37
SHA512

375a7d23d9d0de3c52259873599321ba27df007a385dc8213e1a6de9692f559a305bce2b8279503b3b5e2ab4c5b0b5f94b7b502e051d7eab3c76b9ca87797d47
SSDEEP

786432:u3DQ6y+Xewrc2nqsshuQaku6JpHitaC8nQ+bQvZN6j6L:uTQ6W2nqdaT6XHqjqj8Z4

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ca.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kab.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\he.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatsh.dat	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsita.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.jpg	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\be.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fi.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\ShapeCollector.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\7-zip32.dll	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ast.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sk.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sl.txt	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	0bcc3b9eafa5abd3e51f9e4e831b26f3.exe

C:\Users\Admin\AppData\Local\Temp\0bcc3b9eafa5abd3e51f9e4e831b26f3.exe
"C:\Users\Admin\AppData\Local\Temp\0bcc3b9eafa5abd3e51f9e4e831b26f3.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
1.1MB

MD5
5299109e8da785d6bc7c86c87769f565

SHA1
1f3166ae148cd306d0a1fde8c748778d56e01200

SHA256
6529e77256a1472d865d10e979ac6dd2e7ee0c8e3f2c3b9df9b0cdc1aa3bebe4

SHA512
e0998b48f0bf28b899939eecc5321792dfe85888d9c6dc72aca0f6d341fcc52da0b98e7669eee21360d294130298b0ec222480943a38dd72b399e487198e17a1

Download Submit
C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2000-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2000-217-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads