c4e22d5b376632e03b43ef1e9a5b74da0b5bc1f01f9061c4191a137c28e8dd8d

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 03:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba712dc759e2b5ff0cc89a7df3702f2a.exe
Size

27.8MB
MD5

ba712dc759e2b5ff0cc89a7df3702f2a
SHA1

664428988af7666d3bb12709e5d89369d48edb19
SHA256

c4e22d5b376632e03b43ef1e9a5b74da0b5bc1f01f9061c4191a137c28e8dd8d
SHA512

988c2e099a18860388d5933c43570c18c819ca583c124cdf29872706724b40d7072afc0c2569e2e5f5640fa3d4bb83f2f3d39f988e3ebc81f9c208f99c5c0499
SSDEEP

196608:DMct4b/pCBnvjeApaAvktMzmMnglrB3ytPqVxUQVmBDTSWhkb8JkJY:zt4bINvjtIAvkKn80PqbsBDTibDY

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-778096762-2241304387-192235952-1000\desktop.ini	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-778096762-2241304387-192235952-1000\desktop.ini	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\desktop.ini	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\desktop.ini	ba712dc759e2b5ff0cc89a7df3702f2a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\sqloledb.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ar.txt	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkWatson.exe.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsjpn.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadomd28.tlb	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ka.txt	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\DVD Maker\ja-JP\WMM2CLIP.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadcer.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\msadc\msadcs.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\DVD Maker\SecretST.TTF	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\7-Zip\7-zip.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\msadcor.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkDiv.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\ado\msado15.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ko-KR\tipresx.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsen.xml	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\DVD Maker\de-DE\WMM2CLIP.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\micaut.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll	ba712dc759e2b5ff0cc89a7df3702f2a.exe
File created	\??\c:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	ba712dc759e2b5ff0cc89a7df3702f2a.exe

C:\Users\Admin\AppData\Local\Temp\ba712dc759e2b5ff0cc89a7df3702f2a.exe
"C:\Users\Admin\AppData\Local\Temp\ba712dc759e2b5ff0cc89a7df3702f2a.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2240

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
27.8MB

MD5
e40801d46b6ed14bb875bfacad887b63

SHA1
0613d04cc803deb696769c2c63c0f27180b2903c

SHA256
0289eb01c352cd4e9968e75a71f60e8365c9e6a7bbfb6d4ee33cb99592aefc3a

SHA512
2f4580119d266bae0dcee79ab70c33e4f9ed4cfe2918709ad81c4e979cbbca222d4961f2b8f8e7314afd1b77d2ce1944edd5f8bafde047672907e3da7f59ff77

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2240-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-25-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-226-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2240-234-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads