bc85d899995313d2dbf9b4731acdb4ada980522ace3db5fc963114673327e000

Analysis

max time kernel
167s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

17012f0bf150a5a6bede2ad462d5fe81.exe
Size

258KB
MD5

17012f0bf150a5a6bede2ad462d5fe81
SHA1

8db33e5522e755a716ce3f9975ceb8ec09b1f383
SHA256

bc85d899995313d2dbf9b4731acdb4ada980522ace3db5fc963114673327e000
SHA512

308304a4037c727ccd4202ca13df9ac3d6beb4fdf0b99c07a0a0d2d645a6f1cd998e02e0dd60cc463a59a358c942db5387a0db2fc9e139b55f43f1b723a139bf
SSDEEP

6144:P+fAz16PHyf+Tyt+fAz16PHyf+TyrhRtUA7c50M5izh97qFhijvbbG:P+Iz16fjk+Iz16fjMV5KV5izrqFkbG

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\desktop.ini	17012f0bf150a5a6bede2ad462d5fe81.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\ClearUpdate.pps	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\va.txt	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mng2.txt	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsjpn.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-2-0.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msador28.tlb	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msadomd.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.CSharp.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msader15.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\Microsoft.VisualBasic.Core.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Formats.Asn1.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Queryable.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Memory.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clretwrc.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.Mail.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.EventBasedAsync.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscordbi.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.FileSystem.Watcher.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado21.tlb	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\mscordaccore_amd64_amd64_6.0.2523.51912.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msado15.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdatl3.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XPath.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Pipes.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\vi.txt	17012f0bf150a5a6bede2ad462d5fe81.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll	17012f0bf150a5a6bede2ad462d5fe81.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	17012f0bf150a5a6bede2ad462d5fe81.exe

C:\Users\Admin\AppData\Local\Temp\17012f0bf150a5a6bede2ad462d5fe81.exe
"C:\Users\Admin\AppData\Local\Temp\17012f0bf150a5a6bede2ad462d5fe81.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
371KB

MD5
045b3ebd20faf4344fb1d85eedb77236

SHA1
fafe7c9299c9d6244ad7a731c980b0615861e388

SHA256
292665a9cfdf2a0b04847e00f801428af11c3422a310efdc77772e16a27a9e62

SHA512
dfe2927205a56901a8c4ada2258bf6ba80fdf56c8329448081adee926a6fb742f766dfaef352adf0a17461a8bb4516aa9034846d7943534e97d59c7d83d852e3

Download Submit
memory/1268-213-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-225-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-59-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-118-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-132-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-147-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-189-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-214-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-232-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-293-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-363-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-373-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-399-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1268-485-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads