bc85d899995313d2dbf9b4731acdb4ada980522ace3db5fc963114673327e000

Analysis

max time kernel
148s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17012f0bf150a5a6bede2ad462d5fe81.exe
Size

258KB
MD5

17012f0bf150a5a6bede2ad462d5fe81
SHA1

8db33e5522e755a716ce3f9975ceb8ec09b1f383
SHA256

bc85d899995313d2dbf9b4731acdb4ada980522ace3db5fc963114673327e000
SHA512

308304a4037c727ccd4202ca13df9ac3d6beb4fdf0b99c07a0a0d2d645a6f1cd998e02e0dd60cc463a59a358c942db5387a0db2fc9e139b55f43f1b723a139bf
SSDEEP

6144:P+fAz16PHyf+Tyt+fAz16PHyf+TyrhRtUA7c50M5izh97qFhijvbbG:P+Iz16fjk+Iz16fjMV5KV5izrqFkbG

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\ApproveWatch.mpeg2	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tabskb.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\de-DE\OmdProject.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Music.emf	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\ado\msador15.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\rtstreamsink.ax	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdeu.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\ado\adovbs.inc	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-cn.txt	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Uninstall.exe	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.config	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado28.tlb	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\rtstreamsource.ax	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-delete.avi	17012f0bf150a5a6bede2ad462d5fe81.exe

C:\Users\Admin\AppData\Local\Temp\17012f0bf150a5a6bede2ad462d5fe81.exe
"C:\Users\Admin\AppData\Local\Temp\17012f0bf150a5a6bede2ad462d5fe81.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
3.4MB

MD5
7ddab1db20ff4f6fbc8f0bb41da389ab

SHA1
174d3196660c90dbaac76e8a22e9cb1d9392c4ef

SHA256
a68d1a4315c16e99ca1c80d3715b27d73aabb4a6c1f5f72acc828d3b4fc08c64

SHA512
75c125a9102cf0f8b44c9491f62f18264e4f7b9e3ea90b7bce5a9dfecc98dd376347b2e5b5a30217f96cd9453b2b6f8ef5f95d6efc30a4fd0ca9aeeeb1fe3dd1

Download Submit
memory/756-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/756-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/756-15-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/756-71-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/756-235-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/756-244-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads