dd3f312904b7116c7000ee26ece2c1d607659db288eb37a557f575792a24032b

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
Size

355KB
MD5

8bab3bd9e4fa3d6c7f69d32f3401fa6c
SHA1

5dcb12327c98c8cba66e89a0a7acef6bdee56e2f
SHA256

dd3f312904b7116c7000ee26ece2c1d607659db288eb37a557f575792a24032b
SHA512

707c98a6218d9d4d93f0be3eb7a1d71cb162e04fee699fe24e7c4dd035e3bf8318ea5a803504d586a9aa9e76517f5167948eee3022d23fe7058d4bd8a61ad861
SSDEEP

6144:HO+TyiE8+aqCjToXVpGOZcWixTmAcThAkZThMTM:JXEkqeolrix1c60y

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-928733405-3780110381-2966456290-1000\desktop.ini	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\desktop.ini	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\desktop.ini	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-928733405-3780110381-2966456290-1000\desktop.ini	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.h	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Services\verisign.bmp	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\it-IT\DVDMaker.exe.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-join.avi	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Internet Explorer\iexplore.exe	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\mr.pak	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Internet Explorer\MemoryAnalyzer.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\rt.jar	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\Common.fxh	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\Timeline.cpu.xml	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png	8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe

C:\Users\Admin\AppData\Local\Temp\8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe
"C:\Users\Admin\AppData\Local\Temp\8bab3bd9e4fa3d6c7f69d32f3401fa6c.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.8MB

MD5
291dc2958957bf6638eef420677dfc02

SHA1
9a21f24ab5034637a8763b2e3b946e6dee251647

SHA256
b0fa1179bd81c9bb5919dbb602ff1ff1f97d1be49331446745f315cf6b8debad

SHA512
302253c54e4062a8d7cda134a6bef7ac4b172ecaaafa53a8103b8fff39f5c5bb124afbec3833a5f068aea6aeda2a538ee98d58a87235e474e6a0d6369e878ad5

Download Submit
C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer

Filesize
5KB

MD5
6b99099c6a9b959f824e420676fe3dc8

SHA1
ba9e3b5f2f7f710d263272019be5bf5db33bf614

SHA256
34d5d8dc208ef8c73bb46fb3002fa22b8954d52a4e53be3c56b9801aeab56918

SHA512
dfe061ddec4106e68c8ea789009b0e6bf7d27072bebd0bdb724e4ccadd215b9122b04198bbc362753e2b35af16d993ddf89b44b29bb79c0e7a16eeb97f3b3d26

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\awt.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1228-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1228-683-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads