5920c7c76367c8d179dbf3c19e8b82ab3880f4b9c2de056b3e4f61bf2f052d5c

Analysis

max time kernel
158s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2024 03:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a574b2daf4286091bb68c583bd88bd3.exe
Size

198KB
MD5

4a574b2daf4286091bb68c583bd88bd3
SHA1

d8184c64dbf6a0dd86f64fc67bc672265f9366ef
SHA256

5920c7c76367c8d179dbf3c19e8b82ab3880f4b9c2de056b3e4f61bf2f052d5c
SHA512

493322de955bb97b278f42f0ed7a9af39afa50b3bcdedc4fecc5893589065460bd9e2d315e858c64e9cbeaebd9f969fd353dd818565e7f0735e5690f354da376
SSDEEP

3072:a2i99xNKkOzyIT2PzfTyRSO5+TyiZGyqJ+qZEhyAZToEE6ooqiq8EpKP1dwLFurt:P+fAz16PHyf+TyiYQvd1E6dqi4py5

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3073191680-435865314-2862784915-1000\desktop.ini	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\desktop.ini	4a574b2daf4286091bb68c583bd88bd3.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\af.txt	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\System\ado\adojavas.inc	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.Security.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-multibyte-l1-1-0.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-tw.txt	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\zh-TW\tipresx.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Private.Xml.Linq.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.Writer.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipTsf.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado15.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-synch-l1-1-0.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Collections.Specialized.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ServiceModel.Web.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.sfx	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\micaut.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\rtscom.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\host\fxr\6.0.25\hostfxr.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.ComponentModel.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsnld.xml	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.DiaSymReader.Native.amd64.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\ipstr.xml	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.AppContext.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\it.txt	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msador28.tlb	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebClient.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.Cryptography.Csp.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sq.txt	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadds.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.Extensions.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\co.txt	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mraut.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado26.tlb	4a574b2daf4286091bb68c583bd88bd3.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.dll	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	4a574b2daf4286091bb68c583bd88bd3.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui	4a574b2daf4286091bb68c583bd88bd3.exe

C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe
"C:\Users\Admin\AppData\Local\Temp\4a574b2daf4286091bb68c583bd88bd3.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.chm

Filesize
310KB

MD5
9ba30280f2ddf375ba9d8b4cb8bdfc4d

SHA1
6826b98dde33c9764ef9d007a76cc12606776751

SHA256
1efde4d9205ce466da9980656ed3e51614725b71548663dfcc6c1b8d6ccda32c

SHA512
01198a43554cffd13d9916c98a84be3feff95f163e9b254ba13f122f2e43be1d467ae389ea715ba3b1497c5cc71cd14f7e2d4268540c33669d46d5b2fd589928

Download Submit
memory/1168-203-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-49-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-212-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-22-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-213-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-124-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-145-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-214-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-230-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-231-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-291-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-322-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-365-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1168-475-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads