b9d2f49a06f61bcad417bbda3d2938f50021b27785c0d9faedcfb3f5aae8e378

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 03:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7157b4f390cfb18bff09bf6981c5d1e8.exe
Size

347KB
MD5

7157b4f390cfb18bff09bf6981c5d1e8
SHA1

e57ba01779102a01585ca979820630fe50db4f4d
SHA256

b9d2f49a06f61bcad417bbda3d2938f50021b27785c0d9faedcfb3f5aae8e378
SHA512

c7d80f52830bf4b1bd5961b28549e43ac6e63a13aefd94a245f092fb3ae97ec6f0b7a92d4ab010bb9229fffd9895331ebc4b248ffc1502084439bf23d93ea2f8
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTMh:JXEkqeolrix1c60ya

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1603059206-2004189698-4139800220-1000\desktop.ini	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\desktop.ini	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\desktop.ini	7157b4f390cfb18bff09bf6981c5d1e8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Internet Explorer\Timeline_is.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fy.txt	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveDrop32x32.gif	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\security\javaws.policy	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kab.txt	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InputPersonalization.exe.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\ielowutil.exe	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\management.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\content-types.properties	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\System\ado\msader15.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\include\jni.h	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\audiodepthconverter.ax	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msader15.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Internet Explorer\ie9props.propdesc	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt-br.txt	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jsdt.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui	7157b4f390cfb18bff09bf6981c5d1e8.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	7157b4f390cfb18bff09bf6981c5d1e8.exe

C:\Users\Admin\AppData\Local\Temp\7157b4f390cfb18bff09bf6981c5d1e8.exe
"C:\Users\Admin\AppData\Local\Temp\7157b4f390cfb18bff09bf6981c5d1e8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.9MB

MD5
9a52f4671e4efa380607e117da6c0249

SHA1
e9b3adfd2fbcca144ba056f496a06debab5376c4

SHA256
842fdfd0716eb90ea4acfe3e4ffa71d3ae8171e9b00b88b225fae2ba874c154d

SHA512
fcb42f616d454a6933cb1fe38d1c3094feed05637f8d5382dc1e18cc063c65d86007ebcfdd4c1e5afacb8dea21e5f7505b98693c7e02b95f859ce195cfd25b6d

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo

Filesize
5KB

MD5
8dad98db128eeb1f927350bc7a8fd87e

SHA1
5cdbb67a83d04237fb2095ef4592c11aade84bf7

SHA256
c9b982f369226ae99d82f8428815220208805b8024caeef8a3b03971383c9eeb

SHA512
91c7d71a3d718d27cb70832e735e06ea305637986ea0b3faf19de8d367b58d9e90d42e956e2bdc7a43eaadeb6b460f88fddcc3ea203c413311784fd7f5e6f7b2

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\dtplugin\deployJava1.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2252-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2252-584-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2252-683-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads