22680570ea190ab55636bc3cde71308387cd54b7562ef22783c073ab136f889b

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1bf703f595b2d1c20ee81fab1e2b4435.exe
Size

348KB
MD5

1bf703f595b2d1c20ee81fab1e2b4435
SHA1

083dca23a58b2a88a26ff010e583d97c82403f7b
SHA256

22680570ea190ab55636bc3cde71308387cd54b7562ef22783c073ab136f889b
SHA512

7c44d74f60a30f2ef8e9dc860f032e95621d65cd2f5b0419494d8bbf0881f1f16041726f69cfaf4fb69b8930bad491f5ec34cee2512e9a306552ca1d3c3afbde
SSDEEP

3072:a2i99xNKkT9wHxLA1SFmn8TOnI4k+gMLOjIW4ngX+NhFKx1tkWEk7O/8:P+fF2RLYFn6OnldgtjIbv+a6C/8

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\desktop.ini	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\desktop.ini	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini	1bf703f595b2d1c20ee81fab1e2b4435.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Internet Explorer\pdmproxy100.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\GrantInvoke.crw	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ssvagent.exe	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tabskb.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mk.txt	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Internet Explorer\networkinspection.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\fontconfig.bfc	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ne.txt	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msxactps.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\ssv.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Common Files\System\ado\adovbs.inc	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\System\wab32.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File created	\??\c:\Program Files\Internet Explorer\en-US\networkinspection.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dll	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\ffjcext.zip	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ru.txt	1bf703f595b2d1c20ee81fab1e2b4435.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui	1bf703f595b2d1c20ee81fab1e2b4435.exe

C:\Users\Admin\AppData\Local\Temp\1bf703f595b2d1c20ee81fab1e2b4435.exe
"C:\Users\Admin\AppData\Local\Temp\1bf703f595b2d1c20ee81fab1e2b4435.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
1.5MB

MD5
f7f814e482ebab337d4693b543bcef22

SHA1
08414c4016cf5169c61de9bb563057a9f6dc1ef7

SHA256
3f6d4ff117b63156d07445363b0b737c8cdc2f42eccebbb2520e97d9f905392e

SHA512
55e39c71a4c033a19e2d1998945e3ce04631755955b8e8809d8cfdcb2357e04f8e6095409917b235656cc2753e1fdcda2b35d7abde793bf1d267c798955b2d51

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\deploy.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2488-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2488-89-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2488-99-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2488-234-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2488-254-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2488-362-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2488-683-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads