7d414b6d91b808ae5c3e0a7a7d2213bbeeb47fb7a7118a95d1914afdb2956b63

Analysis

max time kernel
148s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 13:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

490fddeeacd5feaf7b2825ff2057109f.exe
Size

242KB
MD5

490fddeeacd5feaf7b2825ff2057109f
SHA1

c7b6ca272cd9af64f63dfdde3c1797c638246cee
SHA256

7d414b6d91b808ae5c3e0a7a7d2213bbeeb47fb7a7118a95d1914afdb2956b63
SHA512

f43b0e3df622ecef59691a32cdc47bedb9d726b35d2d4a123e335d1c1a9dd37f8208a4e42a2534128f424c99e50407478d15f6fb9bf5e3db3fc8dab1923ad8e8
SSDEEP

6144:HqhwF5w6dLu/hRtUA7c50M5izh97qFhijvbbd:YwFA/V5KV5izrqFkbd

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3336304223-2978740688-3645194410-1000\desktop.ini	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3336304223-2978740688-3645194410-1000\desktop.ini	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\desktop.ini	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\desktop.ini	490fddeeacd5feaf7b2825ff2057109f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\clretwrc.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\PresentationFramework.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msdaprsr.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\System.Xaml.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hu.txt	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Loader.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\Microsoft.VisualBasic.Forms.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\he.txt	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\UIAutomationProvider.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XDocument.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\de\WindowsBase.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsBase.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\eo.txt	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\UIAutomationClient.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\ru\UIAutomationProvider.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\UIAutomationClient.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ms.pak	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\Microsoft.VisualBasic.Forms.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\DirectWriteForwarder.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\System.Windows.Forms.Design.Editors.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Primitives.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\sl-SI\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.ServicePoint.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\PresentationUI.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kaa.txt	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.Contracts.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Internet Explorer\ieinstal.exe	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\System.Windows.Forms.Design.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Parallel.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsBase.resources.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\it-IT\msadcor.dll.mui	490fddeeacd5feaf7b2825ff2057109f.exe

C:\Users\Admin\AppData\Local\Temp\490fddeeacd5feaf7b2825ff2057109f.exe
"C:\Users\Admin\AppData\Local\Temp\490fddeeacd5feaf7b2825ff2057109f.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
355KB

MD5
c934d7403d919d9509fcd2fb91e91a0e

SHA1
674fce46aab9018e23e3652378ca91e5f4d46601

SHA256
abff9ccaae11276980fd91efe30d619b7829bc2bec4b015202dbb7c80332fad7

SHA512
9e8e05704c9d517f3a116c20faba99a382c3e4b5df2f9ce6ea5954c2bffd9ef114955371b0c059d9b2ebc3087902246058a12b0236b4d2ae006d56b5bf6356b3

Download Submit
memory/3224-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/3224-242-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads