884df1caa180ebc43ad5c67f64272040ad914165bf8212b0bb5b95448b5be61d

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 21:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
Size

29.0MB
MD5

b834bb9bb6fb21090ab1cf2e0f4fefb6
SHA1

9aa53305fca6db5493b724e5854d89d8ee346dbf
SHA256

884df1caa180ebc43ad5c67f64272040ad914165bf8212b0bb5b95448b5be61d
SHA512

21c1bc90547c9656ceef40e4ef428b01f4a99e07a6d56cf0b63e2a0b6a2d030e27c675f30af2bfa713cbcbd0d74f2b18211fd174de0d98f5cc85c1ef97b42ee2
SSDEEP

196608:jUdkKzMzo1XU8d+8wSZ/gd2cBnvjeApaAvktrlrB3ytPqVxUQVmBDTSWhi:OMzo1XnI2cNvjtIAvkt0PqbsBDTs

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 4 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kab.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InkWatson.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.exe	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fur.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-cn.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\readme.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcatlm.dat	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsdan.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipBand.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\fi.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gl.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ro-RO\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\co.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ext.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ta.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\Content.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IPSEventLogMsg.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hu.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\th.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\vi.txt	b834bb9bb6fb21090ab1cf2e0f4fefb6.exe

C:\Users\Admin\AppData\Local\Temp\b834bb9bb6fb21090ab1cf2e0f4fefb6.exe
"C:\Users\Admin\AppData\Local\Temp\b834bb9bb6fb21090ab1cf2e0f4fefb6.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
22.2MB

MD5
58f0169ab04f39abdbacaf2b9c91f332

SHA1
e3699496cdd19a00016d315cb02d7bbad4349ce1

SHA256
e1aa4f4faf927d06fac70755a6ceeca5225eea6ebca4041fe75f7c7c8ca65a56

SHA512
8359510fbdcaecfca04b5cb734520256e138e734b7220f089768bf5acab63ca981c9070aa1e2ddc697d8cc0294998eb32955124b47fd6a0c0e4593c5b4f93d10

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2924-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2924-217-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads