203bf9e0e8b4d09bf8cecb2450c37fba9c5fefe79f34fe89e6ab31cc9a550cd8

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb51961e17a5dd0dcc1941cd1c2802bb.exe
Size

332KB
MD5

cb51961e17a5dd0dcc1941cd1c2802bb
SHA1

3ee093330800eaa2479a386d6e508d14a77ef625
SHA256

203bf9e0e8b4d09bf8cecb2450c37fba9c5fefe79f34fe89e6ab31cc9a550cd8
SHA512

91502d10c358d40bdc8d5dc12f9dffab748b6ab17610278d162403e1c131a9ef2071829bd3750b90d245868577e948f18e6b878421d5c91697c9d36951ad51ae
SSDEEP

6144:P+fLJd6AT9N7rFcX8Wx2u9GC+EjhvGhc1zudfVh9M9soUvJm:P+DJEENo9GC+xctWdh9MZz

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 6 IoCs

description	ioc	Process
File created	\??\c:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\$Recycle.Bin\S-1-5-21-3452737119-3959686427-228443150-1000\desktop.ini	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\desktop.ini	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\desktop.ini	cb51961e17a5dd0dcc1941cd1c2802bb.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\soniccolorconverter.ax	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\en-US\InkObj.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\DVD Maker\OmdProject.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Pipeline.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\v8_context_snapshot.bin	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkWatson.exe.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\System\ado\msadox.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\he.txt	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\yo.txt	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\dicjp.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\msador15.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Chihuahua	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_de.properties	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\DiagnosticsHub_is.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_CN.jar	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\Ole DB\msdasql.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\7-Zip\readme.txt	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\System\msadc\handler.reg	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2iexp.dll	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\7-Zip\Lang\pt.txt	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File created	\??\c:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem	cb51961e17a5dd0dcc1941cd1c2802bb.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	cb51961e17a5dd0dcc1941cd1c2802bb.exe

C:\Users\Admin\AppData\Local\Temp\cb51961e17a5dd0dcc1941cd1c2802bb.exe
"C:\Users\Admin\AppData\Local\Temp\cb51961e17a5dd0dcc1941cd1c2802bb.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\osetup.dll

Filesize
5.8MB

MD5
f6e8da7e680a9bc0213dd84e93ff6672

SHA1
db7717558595c1d0c9a22810dd22a5f248a4c0ed

SHA256
ef1ae989248de4adc5407c199e3de3cbc57317ee5f02a407cb9c5aa04d8507cd

SHA512
089d523257affef53cc41a6ea11df8f907104d5daebf077dc4068604c40210fd9fa2ed8eed7cf501a2daa1575c64f8e7ee074c8caa5279141689c5443030e620

Download Submit
C:\Program Files\Java\jdk1.7.0_80\jre\bin\glib-lite.dll

Filesize
5B

MD5
b5b682b742431a52ea8b17c72ad9c572

SHA1
326320f469235708c59f678c9a7357dca552d306

SHA256
30d9045a9f172208b13161d1f5204e5787e5e07bfbb4f490d0041b03b7f44f76

SHA512
4e1bd7cc616b3115baf6be7ebd29fe2d1123bc0f25464865a0cf9207b0344fba70747a5ce6f00e8d9c696881f6db1e12f81736bc748b6f2b60bf84c681a49163

Download Submit
memory/2088-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/2088-696-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads