860867fe4f0198b987b687f5b699f56537180f53c77dd093aca64110d505dbc8

Analysis

max time kernel
157s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00c8d419cee0c457282d444cc00e259c.exe
Size

1.8MB
MD5

00c8d419cee0c457282d444cc00e259c
SHA1

1ffaaf7b936484e7b63d6ed53c44085f5572c4df
SHA256

860867fe4f0198b987b687f5b699f56537180f53c77dd093aca64110d505dbc8
SHA512

818f9d13560ff13e5ff015a2ee5e61c11d30fa2aebe89ad3566b50a48954e72cf0d51e23d6ce4d45d3fa9ae83a23f93713fe7068d10ccca9af932d17b26b7926
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq+:SCqm2Jpr0nNM7Dus7Nx/

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3156-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/3156-779-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Retail-ul-oob.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019R_Trial-ul-oob.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\javaws.jar	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\j2gss.dll	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\accessibility.properties	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteR_OEM_Perp-ul-phn.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\7-Zip\License.txt.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019DemoR_BypassTrial180-ul-oob.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProR_Trial-ppd.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\WordR_OEM_Perp-pl.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\dom.md	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-conio-l1-1-0.dll.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jdk-1.8\lib\javafx-mx.jar.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioPro2019VL_MAK_AE-ul-phn.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fonts\LucidaSansRegular.ttf	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial1-ppd.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PowerPoint2019VL_MAK_AE-ul-phn.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\it.pak	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jre-1.8\lib\amd64\jvm.cfg.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTrial-pl.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jre-1.8\bin\kinit.exe.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\fontconfig.bfc	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Grayscale.xml	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvApi.dll	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial3-pl.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019R_Grace-ppd.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019VL_KMS_Client_AE-ul-oob.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp2-ppd.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial2-ppd.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\OneNoteVL_KMS_Client-ppd.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessR_Retail-ppd.xrm-ms.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTrial5-ul-oob.xrm-ms	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui	00c8d419cee0c457282d444cc00e259c.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll.exe	00c8d419cee0c457282d444cc00e259c.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\prism_common.dll	00c8d419cee0c457282d444cc00e259c.exe

C:\Users\Admin\AppData\Local\Temp\00c8d419cee0c457282d444cc00e259c.exe
"C:\Users\Admin\AppData\Local\Temp\00c8d419cee0c457282d444cc00e259c.exe"
1⤵
- Drops file in Program Files directory
PID:3156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
142KB

MD5
ad32a6e3eb0595cc0fdc34df07b1f7e4

SHA1
00a5b022f4e9e4c8e6c79bc2d8f3ac5402a95b39

SHA256
007b53b1ee554f352864e197f7dd4830c06fe1c7f3988714df42cc643dc18c98

SHA512
3148fa8c486d4270c60261ea32c2b01d196317d3ce851d8da2f1ad95b1cdf9e79a2c4a9230fcf2538606bcfa680ad5cb3a1e89c9d45e4c17da745b0b5a20d951

Download Submit
memory/3156-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3156-779-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads