2b64fe79cae42623180dfd88cc5321ec3a907417508d2a7a4c9665d96d5e1d33

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 05:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
Size

23.6MB
MD5

8e4b572b15f2d94b9a3b84b4a2c5e47f
SHA1

4bd758ed90604ee3376a74c1b2257f40881d8e61
SHA256

2b64fe79cae42623180dfd88cc5321ec3a907417508d2a7a4c9665d96d5e1d33
SHA512

c773c27cd7ea29435ed4a5bfcb09ee103cb46d9a89124566ec57da49771da41e2188dbf4ec20a8b75548558be33f9dfaf7813f76161106b7c92fc5bcd36325ee
SSDEEP

196608:Pt/2tbuWKK+MPlrB3ytPqVxUQVmBDTSWhg:PtunKg0PqbsBDTS

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\mk.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\CloseGet.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ca.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cy.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\correct.avi	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ga.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\micaut.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\el.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_2.emf	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipTsf.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kk.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\kor-kor.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ar.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lij.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\nl.txt	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	8e4b572b15f2d94b9a3b84b4a2c5e47f.exe

C:\Users\Admin\AppData\Local\Temp\8e4b572b15f2d94b9a3b84b4a2c5e47f.exe
"C:\Users\Admin\AppData\Local\Temp\8e4b572b15f2d94b9a3b84b4a2c5e47f.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
4.1MB

MD5
90f1444822ed654d0f2f550c7c5f620d

SHA1
a2e53cc74ac4485970c06f79486f4d8c065a01b0

SHA256
4f4a533a798164fa3b40e96bf3bdcb67a71ebf6b503eebc38c636985d6d2e0df

SHA512
c47fa9c8e8ef6b2948caa583aebf86dc2a3fd2e28b06e76c96291b2675d5dfe56fc71b4bf2be999a15855ae25b0778b8abdee894be1754952124ed59591e3ea9

Download Submit
C:\MSOCache\All Users\{90140000-0117-0409-0000-0000000FF1CE}-C\AccessMUISet.msi

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/3028-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/3028-212-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads