d4f6a4b7e58c4dfc7e55944ab2e7321c0fe7ce80e824bf6df65b464170b25b6b

Analysis

max time kernel
215s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d41b4012cde00e643e4218b07eef5316_JC.exe
Size

1.8MB
MD5

d41b4012cde00e643e4218b07eef5316
SHA1

afbeef076af387a246ef7d0a906ac21236b129b4
SHA256

d4f6a4b7e58c4dfc7e55944ab2e7321c0fe7ce80e824bf6df65b464170b25b6b
SHA512

c8d65e76bfc128cfb8cd34391b65a286bcc585e1f10708df5f737b877f936758676f5a95899157e2ee1a15b1dde953bab2ae74679499f03aab07af0a814ca4bb
SSDEEP

24576:EzEeFOlCBwLl4Zl9lmtxUTwu6wMa5qnGjM4hLMe8Yh8npik4QBb3Osa20yL:EzE1Llyl9lmQtMr2opiZm3Of2dL

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2668-0-0x0000000000400000-0x0000000000420000-memory.dmp	upx
behavioral2/files/0x0005000000009f66-4.dat	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zFM.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\InvokeRestore.cmd-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\InvokeRestore.cmd	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\7zG.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\Uninstall.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\7z.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\iexplore.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\Uninstall.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\extcheck.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\idlj.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\7zFM.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\7zG.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\jabswitch.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Java\jdk1.8.0_66\bin\appletviewer.exe	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\7-Zip\7z.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe-	d41b4012cde00e643e4218b07eef5316_JC.exe

C:\Users\Admin\AppData\Local\Temp\d41b4012cde00e643e4218b07eef5316_JC.exe
"C:\Users\Admin\AppData\Local\Temp\d41b4012cde00e643e4218b07eef5316_JC.exe"
1⤵
- Drops file in Program Files directory
PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\odt\office2016setup.exe

Filesize
6.9MB

MD5
78311f79c5d6588141fff90574b4e099

SHA1
77e4f7f40d4be448c12c7d5c78821cde4b208a13

SHA256
034a671e046e8267b30b405023785f9735399d174e01a8be008c1e2698d7a9b6

SHA512
e57cecb9907f24156d4f05699777098b8a71867aae0f2d38bf4aec8d0238730a0df3dfb19c989676ab393647a883622add5d290c630e1bdb872f6a360ad08238

Download Submit
memory/2668-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads