8a72d97ea6ba44f6dd3b970949fe1b4e059271b677facd0e73f0263e763f5c57

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 10:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

534bff2959b76a36ac1463f8cc2917ad.exe
Size

332KB
MD5

534bff2959b76a36ac1463f8cc2917ad
SHA1

9ccfe2517d94107f73945a6bf3aaff57dce07ae6
SHA256

8a72d97ea6ba44f6dd3b970949fe1b4e059271b677facd0e73f0263e763f5c57
SHA512

573edbb3e73beaaecc5a4ce27c81dd9f815c4aad21ac76b61db20e3dd4b2d0fbb0c7c637a1b1d740880d6c2ca3b707cb72e07cc33be6b0401ef97d637fba3913
SSDEEP

6144:Hwq+TyiziFmJmxhqYxhk6spHNixTmAcThAkZThMTMVbcyT55K9PP:qXz8mJmxhqYxhQtix1c60ywDVMPP

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\desktop.ini	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\desktop.ini	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3818056530-936619650-3554021955-1000\desktop.ini	534bff2959b76a36ac1463f8cc2917ad.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msdaps.dll	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\da.txt	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ug.txt	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\NOTICE	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\it-IT\MSTTSLoc.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Internet Explorer\DiagnosticsTap.dll	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-font.dll	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaBrightRegular.ttf	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\cursors.properties	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\bod_r.TTF	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kk.txt	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sr-spc.txt	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\New_Salem	534bff2959b76a36ac1463f8cc2917ad.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	534bff2959b76a36ac1463f8cc2917ad.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png	534bff2959b76a36ac1463f8cc2917ad.exe

C:\Users\Admin\AppData\Local\Temp\534bff2959b76a36ac1463f8cc2917ad.exe
"C:\Users\Admin\AppData\Local\Temp\534bff2959b76a36ac1463f8cc2917ad.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2148

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
1024KB

MD5
9224bdb0ed01e947c0adcb0a1d0276be

SHA1
2bb7cb4e42e4b9d3b4ef0c94406cb7e6faa34ea7

SHA256
13ecea690cb369ea0e7abd32f7582c20dd320fbceb54e429f1e1ee9a8ae3a748

SHA512
33a13f680bce77d1b777cb160840aefac29d7f509542f8976d46cef8f87aaa47c4a5e1aa21dfb989c79a791722ce17f185f2cd59e6b48e30b940b8c54700678d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2148-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2148-757-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads