ac23b2b2fc3ecb42b29c8ecc6d08906cfa18cb846b950ef17e97afa2e6fc33f8

Analysis

max time kernel
177s
max time network
142s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 20:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c6c09bb5f32794ee32f6a070e26fc6e2.exe
Size

391KB
MD5

c6c09bb5f32794ee32f6a070e26fc6e2
SHA1

9ccf9b1c8059e375bda8bdc2a16e8351c5fdeab0
SHA256

ac23b2b2fc3ecb42b29c8ecc6d08906cfa18cb846b950ef17e97afa2e6fc33f8
SHA512

b726e5e03236b3c575912442e66f109751732308974e41d349b8fe792e2467afea67a30393cfb89f258e9467d1594f3c86aac5907fdf7c5cc869af2a401bb107
SSDEEP

6144:P+fiFEGPOln4RUOeinwl5gaO5W2cRFSX+BoRfK78Do:P+gPOV4uOeinggFQFSXrRI8Do

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-2461186416-2307104501-1787948496-1000\desktop.ini	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-2461186416-2307104501-1787948496-1000\desktop.ini	c6c09bb5f32794ee32f6a070e26fc6e2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\7-Zip\Lang\is.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\gu.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-cn.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-phonetic.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\kk.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ko.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\es.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\cs.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresslm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\lt.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ps.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\7z.exe	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\az.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\ba.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\tk.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\ShapeCollector.exe.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\hu.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\AssertRestart.svgz	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\zh-tw.txt	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\7-Zip\descript.ion	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\cs-CZ\tipresx.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IpsMigrationPlugin.dll.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml	c6c09bb5f32794ee32f6a070e26fc6e2.exe

C:\Users\Admin\AppData\Local\Temp\c6c09bb5f32794ee32f6a070e26fc6e2.exe
"C:\Users\Admin\AppData\Local\Temp\c6c09bb5f32794ee32f6a070e26fc6e2.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.9MB

MD5
de313489dc283c256ed090143fefae95

SHA1
fa948342aa16e6a69deebcc9e49ab59dff0809c9

SHA256
75683687499f9320b1db3bc7b2a44196e0c05900a6b81d7f28768c9e36cc3734

SHA512
6a7fe1a0c7ce12a427cf10bb9c38982c4c1063fb3b6a5962df2409e01b111132506d3ee75fb390d12e03d58546dd36652da0b0841107bbc58ab413fb02ebf6d0

Download Submit
memory/2712-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2712-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2712-14-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2712-31-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2712-213-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads