80492ba9ea2f0f1dc7b76de58cd7f72184d8fa5be4f4a8e3de8bf2da5e545893

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
07/03/2024, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8b6ddadb387daa388930a4345bd5108.exe
Size

118KB
MD5

b8b6ddadb387daa388930a4345bd5108
SHA1

57ae7a9e9fa28879608be1ad01747b67a44ae539
SHA256

80492ba9ea2f0f1dc7b76de58cd7f72184d8fa5be4f4a8e3de8bf2da5e545893
SHA512

63d5b8abadad6d7d968e8df66cbd7dc9aed69e01bc3a76e070192ed7b3a415723c32ad8aa03da2978a0c6234b70fb2ffce1f023b65b06bdd18ff4631e576988b
SSDEEP

3072:aP+ZE8BdSuq0bz9AZToEE6ooqivV2M6k+:VE8Bp9ad1E6dqisM6J

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\desktop.ini	b8b6ddadb387daa388930a4345bd5108.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\mlib_image.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\dropins\README.TXT	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt.txt	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\COPYRIGHT	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\prism-d3d.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadomd.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\LICENSE	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\com.jrockit.mc.rcp.product_root_5.5.0.165303	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\msxactps.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\include\jvmticmlr.h	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\DVD Maker\OmdProject.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.text_3.5.300.v20130515-1451.jar	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\pdm.dll	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_sv.properties	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\si.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\ExportSkip.docx	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.nl_zh_4.4.0.v20140623020002.jar	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\larrow.gif	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ug.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sr-spc.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.ui.ja_5.5.0.165303.jar	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\da.txt	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\sw.txt	b8b6ddadb387daa388930a4345bd5108.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	b8b6ddadb387daa388930a4345bd5108.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.ui.ja_5.5.0.165303.jar	b8b6ddadb387daa388930a4345bd5108.exe

C:\Users\Admin\AppData\Local\Temp\b8b6ddadb387daa388930a4345bd5108.exe
"C:\Users\Admin\AppData\Local\Temp\b8b6ddadb387daa388930a4345bd5108.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1948

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.6MB

MD5
84fb26ae8cbe49f37b03e01bb4e87f3a

SHA1
a068d2299b931486016ee415240b411fe80f69a6

SHA256
4240b781ce383813d7b531238dd61db2d92e3f187a9e9ca9e8818896aa8ab809

SHA512
3f63b7cef9f5b0dc835479d08d4f233b9afdc93bd90fa346038be3c8a5051ff8569be6d6cacc314005231c7351ae4fcc07c00966ebc0fc778b348d9353aa4689

Download Submit
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/1948-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/1948-1582-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads