106e411abe2c186c6e23de90b5550e0d7c3185845e8ee8e2dab883e31013a7de

Analysis

max time kernel
139s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b777a42d81946d1f8cafae44cb5d6a8.exe
Size

372KB
MD5

2b777a42d81946d1f8cafae44cb5d6a8
SHA1

3ae1a9d74f0f77de41474ee5eab439428356a478
SHA256

106e411abe2c186c6e23de90b5550e0d7c3185845e8ee8e2dab883e31013a7de
SHA512

9ac8765b3670e9fb3b19e7a4495df7f3c8ef90382ef24e58460a7c8f82c7c60de792f11f87c9e4c4ea16b21d244dc25a1a0fec01cdbbd42ce32d7bd13aa008d3
SSDEEP

6144:Hq+TyiziFmJmxhqYxhk6spHZO8qnuw4k3cDF3NxH/iYNUr:1Xz8mJmxhqYxhQw8qu/JNxsr

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1268429524-3929314613-1992311491-1000\desktop.ini	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\desktop.ini	2b777a42d81946d1f8cafae44cb5d6a8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msador15.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DisconnectRemove.wps	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdaprsr.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkDrop32x32.gif	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zFM.exe	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nl.txt	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\fr-FR\DVDMaker.exe.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Services\verisign.bmp	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msdaprst.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers.xml	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\io.txt	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uz.txt	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mip.exe	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\fr-FR\OmdProject.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\F12Tools.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	2b777a42d81946d1f8cafae44cb5d6a8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png	2b777a42d81946d1f8cafae44cb5d6a8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	2b777a42d81946d1f8cafae44cb5d6a8.exe

C:\Users\Admin\AppData\Local\Temp\2b777a42d81946d1f8cafae44cb5d6a8.exe
"C:\Users\Admin\AppData\Local\Temp\2b777a42d81946d1f8cafae44cb5d6a8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.9MB

MD5
29b7b180e70f3f16f84c68d1aa0ae033

SHA1
f21d8d7d79283f934768b7e8d77bca64c3bda615

SHA256
62d68962c121f464af9ea38c8e1d378b10730ba1634fb6727f19ad33790d4431

SHA512
94b89898a7cb0963f85ceaae6950bb7c30a00165fab8aef2c9b289f8aa03a9a1e5a5bd9c0d8b35acf8658bfe72dd0836b47613b71bc4fcfd95207f0a0fcc2a93

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer

Filesize
5KB

MD5
6b99099c6a9b959f824e420676fe3dc8

SHA1
ba9e3b5f2f7f710d263272019be5bf5db33bf614

SHA256
34d5d8dc208ef8c73bb46fb3002fa22b8954d52a4e53be3c56b9801aeab56918

SHA512
dfe061ddec4106e68c8ea789009b0e6bf7d27072bebd0bdb724e4ccadd215b9122b04198bbc362753e2b35af16d993ddf89b44b29bb79c0e7a16eeb97f3b3d26

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2500-206-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-36-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-205-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-243-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-253-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-260-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-265-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-15-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2500-635-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads