7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240

General

Target

7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Size

516KB
MD5

24e39c4f246d1546f434702c21104cf9
SHA1

6434999225d31f8cc5bede84d3ac57fa4bddc7df
SHA256

7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240
SHA512

ad29a2a0549e7c837497a3b67daa58fa34f4ee27a887bcc63c6ec1590bec4c9f9a4df71775e1d515f7e6f9cb505ceb50129f17d20f53e8d08ec2ea81edbab5c6
SSDEEP

12288:STPBriKbQWuXQ1e0lZ9yBjairmluu6Q9uqrXZeEhLBLZ2:kPsKbQQ54BPrmlum9uUZeYLBF

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral2/memory/5044-132-0x0000000000400000-0x00000000005CE000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

Processes:

7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe

description	ioc	process
File created	C:\Program Files\Java\jdk1.8.0_66\include\win32\bridge\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\com.jrockit.mc.feature.rcp.ja_5.5.0.165303\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\locale\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jre1.8.0_66\lib\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jre1.8.0_66\lib\ext\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\management\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\ext\locale\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\plugin2\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\META-INF\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\lib\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sr-Latn-RS\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\META-INF\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\7-Zip\Lang\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Google\Chrome\Application\89.0.4389.114\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Internet Explorer\de-DE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\include\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\etc\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-TW\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\config\ModuleAutoDeps\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\core\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jre1.8.0_66\lib\deploy\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sl-SI\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Internet Explorer\en-US\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\images\cursors\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\update_tracking\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\7-Zip\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\System\ja-JP\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File opened for modification	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\eclipse_update_120.jpg	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jre1.8.0_66\bin\server\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\Services\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\lib\security\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\bg-BG\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
File created	C:\Program Files\Java\jdk1.8.0_66\jre\bin\ÐÀÑØÈÔÐÎÂÀÒÜ ÔÀÉËÛ.txt	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe

Modifies registry class 10 IoCs

Processes:

7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\shell\open\command	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.$\ = "STSOKZKEYPAJHVS"	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\ = "CRYPTED!"	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\DefaultIcon	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9SC17RrCZiZh70f.exe,0"	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\shell\open\command\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\9SC17RrCZiZh70f.exe"	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.$	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\shell	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\STSOKZKEYPAJHVS\shell\open	7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe

C:\Users\Admin\AppData\Local\Temp\7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe
"C:\Users\Admin\AppData\Local\Temp\7dc7d6953513b5303d36164e5e4813f299124cd16188da1c2754defb99758240.exe"
1⤵
- Drops file in Program Files directory
- Modifies registry class
PID:5044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5044-132-0x0000000000400000-0x00000000005CE000-memory.dmp

Filesize
1.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads