f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1

Analysis

max time kernel
107s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 17:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
Size

68KB
MD5

83d03ed3183b358c97ebd274734daa8e
SHA1

b96dd3d26b891e8fa10d224ff1bd9d84372729cd
SHA256

f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1
SHA512

e7dee8df0588d1996c4341745a9597b70e1b865d4142a6975f1334c6b54dde600ffaa8ad5e7c851aed6a81e6405d36e47d23488253e0028fee3531cd84e08853
SSDEEP

1536:Wjl+2lHKITkBXkHFDnIXc5x6zqNwozm60m0Fs8W:O5HKITkBXkHFDIXc5x6zqVi605zW

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1648-54-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/1648-55-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Windows Media Player\wmprph.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Windows Defender\MpCmdRun.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jcmd.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\7-Zip\7z.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\Installer\chrmstp.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jre7\bin\tnameserv.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\NAMECONTROLSERVER.EXE	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\VPREVIEW.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jsadebugd.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\startNetworkServer.bat	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Eula.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jre7\bin\servertool.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Windows Media Player\wmpconfig.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Windows Media Player\wmlaunch.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\7-Zip\7z.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\IEContentService.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\excelcnv.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WORDICON.EXE	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Windows Media Player\wmplayer.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Mozilla Firefox\plugin-hang-ui.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jre7\bin\java.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE-	f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe

C:\Users\Admin\AppData\Local\Temp\f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe
"C:\Users\Admin\AppData\Local\Temp\f9c98e4d4c1fc1746e659e5d870ab10aa6903f1cbc3f4829c55d170b01b04fe1.exe"
1⤵
- Drops file in Program Files directory
PID:1648

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1648-54-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/1648-55-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads