c24b6b0c9232c9bca91781ed8532d526f2e45c1a5dc1d753fd7a5d878d0f5c36

Analysis

max time kernel
154s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

01e9540b3d6c1a3dd2c3d4a9eb952448.exe
Size

1.8MB
MD5

01e9540b3d6c1a3dd2c3d4a9eb952448
SHA1

a64668e9c62c5e284796c941baf62f5ca3e379eb
SHA256

c24b6b0c9232c9bca91781ed8532d526f2e45c1a5dc1d753fd7a5d878d0f5c36
SHA512

c9846b775fb1564839c60b617b9b28382ecac47847067b9f2f21dc2d1543ee3100a4c9eedaec7450da6ef6dbbfba17ca23783679f398e6b15eb369656f76178c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqV:SCqm2Jpr0nNM7Dus7Nxc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/404-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227ab-5.dat	upx
behavioral2/memory/404-653-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\gl.txt.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libGLESv2.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\charsets.jar.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Internet Explorer\hmmapi.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jfxwebkit.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\logging.properties	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-environment-l1-1-0.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\eventlog_provider.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\zlib.md.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jli.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\ShapeCollector.exe.mui.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\jpeg_fx.md.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jre-1.8\bin\eula.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipTsf.dll.mui	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\ConvertFromBackup.mhtml.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\fontconfig.properties.src.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\msvcp140_1.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\nashorn.jar	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jre-1.8\bin\policytool.exe.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\msvcp140.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\thaidict.md	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ct.sym.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.exe	01e9540b3d6c1a3dd2c3d4a9eb952448.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	01e9540b3d6c1a3dd2c3d4a9eb952448.exe

C:\Users\Admin\AppData\Local\Temp\01e9540b3d6c1a3dd2c3d4a9eb952448.exe
"C:\Users\Admin\AppData\Local\Temp\01e9540b3d6c1a3dd2c3d4a9eb952448.exe"
1⤵
- Drops file in Program Files directory
PID:404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
fd951b36abc4a8fe753b54532e6e4ac7

SHA1
92a23fa7630e660e3974cda3463eac68361f5f63

SHA256
7a022cbc401918a36428d3cb3987000de60f11cf65edfdca77cad2a2fecc9d44

SHA512
d061e415585ba346f6605cb5c3505a297c9236248edebed03116f9a96611037e92f5175ede57bb5774f34f947cd9bdbfffa427a0f1043a771e4e7213328cb7a9

Download Submit
memory/404-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/404-653-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads