d4f6a4b7e58c4dfc7e55944ab2e7321c0fe7ce80e824bf6df65b464170b25b6b

Analysis

max time kernel
210s
max time network
52s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d41b4012cde00e643e4218b07eef5316_JC.exe
Size

1.8MB
MD5

d41b4012cde00e643e4218b07eef5316
SHA1

afbeef076af387a246ef7d0a906ac21236b129b4
SHA256

d4f6a4b7e58c4dfc7e55944ab2e7321c0fe7ce80e824bf6df65b464170b25b6b
SHA512

c8d65e76bfc128cfb8cd34391b65a286bcc585e1f10708df5f737b877f936758676f5a95899157e2ee1a15b1dde953bab2ae74679499f03aab07af0a814ca4bb
SSDEEP

24576:EzEeFOlCBwLl4Zl9lmtxUTwu6wMa5qnGjM4hLMe8Yh8npik4QBb3Osa20yL:EzE1Llyl9lmQtMr2opiZm3Of2dL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2908-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral1/files/0x000500000000fefe-6.dat	upx
behavioral1/memory/2908-21-0x0000000000400000-0x0000000000420000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\bin\ktab.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\pack200.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\7zG.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javafxpackager.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\DW\DWTRIG20.EXE-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\javaw.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Mozilla Firefox\firefox.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Mozilla Firefox\updater.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Windows Journal\PDIALOG.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\idlj.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\klist.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\Uninstall.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\jp2launcher.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32Info.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java-rmi.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\Uninstall.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\ssvagent.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\pipanel.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeCollabSync.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Windows NT\Accessories\wordpad.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java-rmi.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Windows Photo Viewer\ImagingDevices.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Setup.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\java.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jre7\bin\keytool.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\template.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	d41b4012cde00e643e4218b07eef5316_JC.exe

C:\Users\Admin\AppData\Local\Temp\d41b4012cde00e643e4218b07eef5316_JC.exe
"C:\Users\Admin\AppData\Local\Temp\d41b4012cde00e643e4218b07eef5316_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
2.6MB

MD5
2e4c9b7b2cc8c6fb70b0b3f4fe33304d

SHA1
c276b4728f8ac99b7ea59c5a708207cfb4ca49bc

SHA256
6b2191ff49e92ec365618614b7cad302fb4dff8475e83e6496c89eb7f5c04735

SHA512
b3c8cbe74a565cfa5384da58f0daff366e33d9723b064ddbaa188c26572992b4a08824966d343929c246a39030843bb961a69bf8006f418627e1b77696857143

Download Submit
memory/2908-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/2908-21-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads