39f11c9078324bac44f50570783acd3d1afb968dfe8ce9fb730c3d29654705f4

Analysis

max time kernel
158s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b0dd4f3c25af498032f6223018c8301.exe
Size

387KB
MD5

2b0dd4f3c25af498032f6223018c8301
SHA1

fd249ea853432bc5eaa2004160c81219d9c55521
SHA256

39f11c9078324bac44f50570783acd3d1afb968dfe8ce9fb730c3d29654705f4
SHA512

ccbf8e70ac4a263940d01d13cf415ecf7755e8d285459f4b377c1f004108020e17d62e260963be677caf4890ff471cb957c776e894b5667453a136fc9b7c0041
SSDEEP

6144:Vnn+TyiYEFMFnCpHTSAshdo/MCRiVFAr5s2uGb3d1E6dqi4py5v:V+XYEFMFnGk4MM5s2uGnEy1v

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\desktop.ini	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\desktop.ini	2b0dd4f3c25af498032f6223018c8301.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\ReachFramework.resources.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.Linq.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Resources.Writer.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\Microsoft.VisualBasic.Forms.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework-SystemXml.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad.xml	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipresx.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tpcps.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.TextWriterTraceListener.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Compression.FileSystem.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.InteropServices.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Algorithms.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Memory.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\7-Zip\7zCon.sfx	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\LICENSE.txt	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Text.Encoding.Extensions.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\uk.txt	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.Pipes.AccessControl.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.AppContext.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.UnmanagedMemoryStream.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Json.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt.txt	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InkObj.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-time-l1-1-0.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.HttpListener.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.CompilerServices.VisualC.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ServiceModel.Web.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ro.txt	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Requests.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Drawing.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.MemoryMappedFiles.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.Cryptography.Csp.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\mscorrc.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\System.Windows.Forms.Design.resources.dll	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sk.txt	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tg.txt	2b0dd4f3c25af498032f6223018c8301.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsfra.xml	2b0dd4f3c25af498032f6223018c8301.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui	2b0dd4f3c25af498032f6223018c8301.exe

C:\Users\Admin\AppData\Local\Temp\2b0dd4f3c25af498032f6223018c8301.exe
"C:\Users\Admin\AppData\Local\Temp\2b0dd4f3c25af498032f6223018c8301.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4716

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
500KB

MD5
229a26def35c1f12cddef95bfdf8d57c

SHA1
7d723ef468c38c38c23b2d38ff0790a6d02e6f9e

SHA256
02f7132fcc1c86e6737176a30328ae3824f08a61feed3430183fc4f9989ad917

SHA512
7f7415949fea66cdf89ef4d3853b57c8e2f9c67e8963846620209f0ae203c9f362ac8de6c4b928acc1cf222b614f7591f101f0125456b3fbaf8754e9b18576a4

Download Submit
memory/4716-209-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-65-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-213-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-52-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-214-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-115-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-147-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-230-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-285-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-363-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-471-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-554-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-580-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4716-686-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads