a09b176171fa460dd7df22d0e8e2ccae708a116d7dfc6d29028ac4b3080e3fa1

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ca39d733c899a848b3d4b413281a649.exe
Size

24.6MB
MD5

0ca39d733c899a848b3d4b413281a649
SHA1

baf9a683c37698dd1fe486b95c1d75d2af747541
SHA256

a09b176171fa460dd7df22d0e8e2ccae708a116d7dfc6d29028ac4b3080e3fa1
SHA512

cdfc4207212bf56544d32e89c300627248bbcc8a8901fe6e009b4d8387a4981dc9c433cc208cce5e33eb16ce497a97e7caeca0e787d118a5583e8b9d51bafd54
SSDEEP

49152:wUJuxtxujXab/BXgWb2n8yIyiVPh74Gzqmf6aGgKqXvi6KydunmWjMIbSohJ5ZCL:wUJuxtxCaNQXrwVegXwfk4pCL

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3427588347-1492276948-3422228430-1000\desktop.ini	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\desktop.ini	0ca39d733c899a848b3d4b413281a649.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\is.txt	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ru.txt	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IPSEventLogMsg.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\ado\adovbs.inc	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fi-FI\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\DVD Maker\offset.ax	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado15.dll	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsfra.xml	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\es-ES\wab32res.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ast.txt	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-tw.txt	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.rll	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\7-Zip\descript.ion	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipBand.dll.mui	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	0ca39d733c899a848b3d4b413281a649.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml	0ca39d733c899a848b3d4b413281a649.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledb32.dll	0ca39d733c899a848b3d4b413281a649.exe

C:\Users\Admin\AppData\Local\Temp\0ca39d733c899a848b3d4b413281a649.exe
"C:\Users\Admin\AppData\Local\Temp\0ca39d733c899a848b3d4b413281a649.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
30.1MB

MD5
bf2c4f26d889f55c80ebfaeb0a283ec0

SHA1
7aa08be887f9a7127626d3fbe0283fd5dae43b49

SHA256
c4be45a0e10c07975e410a3589747966424f8c36165245c7ce04a5ef05948992

SHA512
d4261bd8987150aee4546db177331e2d6ca6a4cad081798160631f754573c64fea13de422d782586e50cc550535ed40187dd57f90f1d8c69f315c8d71a69aab9

Download Submit
C:\Program Files\CheckpointGet.M2T

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2204-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2204-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2204-53-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2204-236-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads