b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0

General

Target

b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
Size

655KB
MD5

11b9e3e8d5fb74d5cb6898140d29e760
SHA1

75f6835ef6b7b675fbe9f30d8e906d9f2ba4ca67
SHA256

b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0
SHA512

95e1d2b9e2a37e04816fd5ab3bd11e1725e15cbf3e390856f8fcee3bc9c40b84f1ee79e0dfb825cd47cdfb2ecfc1152d5fae41cd880887324af19dea5b4f1e1f

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

yara_rule
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx
upx

Drops desktop.ini file(s) 2 IoCs

Processes:

b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\desktop.ini	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe

Drops file in Program Files directory 64 IoCs

Processes:

b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe

description	ioc	process
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libt140_plugin.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_foggy.png	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcfr.dll.mui	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\ECLIPSE_.SF.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.win32.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-masterfs_zh_CN.jar.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\images\ui-bg_highlight-soft_75_ffe45c_1x100.png	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\120DPI\(120DPI)grayStateIcon.png	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\flyout_background.png.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Mozilla Firefox\msvcp140.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+6.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Noronha	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-host-remote.xml	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\js\common.js	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libh26x_plugin.dll.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_rest.png	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\17.png.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ja_5.5.0.165303.jar.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-8	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pohnpei	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_ko.properties.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jakarta	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libposterize_plugin.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\logger\libconsole_logger_plugin.dll.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File A.txt.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\item_hover_docked.png.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_blue_snow.png	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-synch-l1-2-0.dll.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_black_few-showers.png.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Sao_Paulo	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jpeg.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Galapagos.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Pago_Pago.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-12.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.jpg	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jaas_nt.dll	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Moncton	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File opened for modification	C:\Program Files\RepairPush.html	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodicon.gif.exe	b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe

C:\Users\Admin\AppData\Local\Temp\b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe
"C:\Users\Admin\AppData\Local\Temp\b044d846a39b195fcc0856cfa76c768f9bb11c307801c413d2ced4f8469810c0.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:736

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads