Analysis
max time kernel: 188s
max time network: 202s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
submitted: 05/01/2024, 12:23
Static task: static1
Behavioral task: behavioral1
Sample: 43acf142eb5b30f6ec50b5e4e52c32df.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 43acf142eb5b30f6ec50b5e4e52c32df.exe
Resource: win10v2004-20231215-en
General
Target: 43acf142eb5b30f6ec50b5e4e52c32df.exe
Size: 347KB
MD5: 43acf142eb5b30f6ec50b5e4e52c32df
SHA1: 35718adafee6368e74bd95dc37f8984246bb4af4
SHA256: ffacfb262c97d611040bdd1d517e6687625c3193b00fb4607d9d7a5e43a4fd65
SHA512: 0b6b8bf04b48351a0ee7b2fab17a63de638c8ebd761bfb1550b4dd7a99c9d44b840c91256c1c09242c0f205e1540f3bff659b525390290d9cefd02ba9b1c8e63
SSDEEP: 6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTM:JXEkqeolrix1c60y
Malware Config
Signatures
Drops desktop.ini file(s) (2 IoCs)
description | ioc | Process
File created | \??\c:\$Recycle.Bin\S-1-5-21-635608581-3370340891-292606865-1000\desktop.ini | 43acf142eb5b30f6ec50b5e4e52c32df.exe
File opened for modification | \??\c:\$Recycle.Bin\S-1-5-21-635608581-3370340891-292606865-1000\desktop.ini | 43acf142eb5b30f6ec50b5e4e52c32df.exe
Drops file in Program Files directory (64 IoCs)
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 29KB
MD5: af920432248b5a6934174af346af3f8e
SHA1: 6c50d99b706ad1d2c738751ae7aa3cf441e31901
SHA256: d6fa0fbe15b7399660654e9152872b093fe8c7f92b96e81226d7d15842701f87
SHA512: cdf74046b155f0736050f64d713630f8ebb0b3a75c2b700933cf7015293097de4b1efc5bf54d261de825ca0dc3b4ffe219f4b83c51d4534b69c9b5f8b38ed406