db765f819fab52802ef8720d843430c671dfda435d3ee76ec4f79770dd121ba8

Analysis

max time kernel
92s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1045a80c87d2485b54e7cf83e2e1fa60.exe
Size

10.6MB
MD5

1045a80c87d2485b54e7cf83e2e1fa60
SHA1

1bf19a1c052d2835078989a6f4ec2457fff2ea7b
SHA256

db765f819fab52802ef8720d843430c671dfda435d3ee76ec4f79770dd121ba8
SHA512

bd2397ceb6020fd0b3dc4437d976fa0b5dbd0c99164ce0eb85d13c79e211530770824fb4146bd8d32ac5de634002aebaa52707133f2b12dd7bcd10d42c8b155c
SSDEEP

98304:XUJuxtxCagCUtDJd3334bsRX/k5yhLMj/mUbYZfgs0QlxcjeBiqVmrgq8no:09d3334S/K+MKU64s9zmMno

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-928733405-3780110381-2966456290-1000\desktop.ini	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-928733405-3780110381-2966456290-1000\desktop.ini	1045a80c87d2485b54e7cf83e2e1fa60.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipshrv.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sa.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\be.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\rtscom.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mn.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lij.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sw.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwruksh.dat	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\th.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ext.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Content.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\License.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\ClearMount.eps	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkObj.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	1045a80c87d2485b54e7cf83e2e1fa60.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nn.txt	1045a80c87d2485b54e7cf83e2e1fa60.exe

C:\Users\Admin\AppData\Local\Temp\1045a80c87d2485b54e7cf83e2e1fa60.exe
"C:\Users\Admin\AppData\Local\Temp\1045a80c87d2485b54e7cf83e2e1fa60.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5KB

MD5
62230914d618502085bc35b485031d98

SHA1
3c51b9b1cce3718355037f7f2760cb9d838ee40e

SHA256
59a1d671c3b4f48cb9f2e5e7185c31707f906a455fad626a47345105fcf2302f

SHA512
2f96ebd8129013ebcbd2bf106e64f97d507cc8555650f54812cd440769b63f196039535fd973e018c2ac7c5713dc936173ede95216b42963af21f0612cefee6f

Download Submit
memory/2240-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-39-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-44-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-106-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-207-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-239-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads