44208ca2be6f5a4c21c35c870f5eb4d9f87c426b1356e7bfa1790fabb6b92c4d

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08dbd6298489020137e63e91357cc689.exe
Size

1.8MB
MD5

08dbd6298489020137e63e91357cc689
SHA1

bf2ae92354a3777c3042ab23cff16a373e483be1
SHA256

44208ca2be6f5a4c21c35c870f5eb4d9f87c426b1356e7bfa1790fabb6b92c4d
SHA512

26b76389ac3cf5db319577525858e786cb724836e2eaeafa8b698a4da0634744f88b642d120b720cd56c878ac1780759949895c252bfb780adfa3b6fcef8e4e4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqi:SCqm2Jpr0nNM7Dus7NxH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2640-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/2640-4305-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2640-13409-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\desktop.ini	08dbd6298489020137e63e91357cc689.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Speech.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\PaintStudio.ViewElements.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-32_altform-unplated.png.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\mashupcompression.dll	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationClientSideProviders.resources.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Java\jre-1.8\bin\vcruntime140.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-pl.xrm-ms.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.46.11001.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\GamesXboxHubSmallTile.scale-100.png	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\cmm\sRGB.pf	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusVL_KMS_Client-ul-oob.xrm-ms.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\contacts_variant1_v3.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000018\cardview\lib\native-common\assets\[email protected]	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSCOPY.DLL	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\concrt140.dll.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\browse.json	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxwebkit.dll.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\AXIS\AXIS.INF	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-32_altform-unplated_contrast-high.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\clretwrc.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Microsoft Office\root\Office16\osfFPA\addins.xml.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.ServiceModel.Security.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsStoreLogo.scale-200.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\ExchangeLargeTile.scale-150.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\jfr\profile.jfc	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OMRAUT.DLL	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Windows Defender\it-IT\EppManifest.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionGroupWideTile.scale-150.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Generic-Light.scale-250.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\hr-HR\View3d\3DViewerProductDescription-universal.xml.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Place\LTR\contrast-white\LargeTile.scale-200.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxA-Advanced-Light.scale-125.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-96_altform-unplated_contrast-black.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-80_altform-unplated_contrast-white.png.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\SkypeSrv\SKYPESERVER.TLB	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-16_altform-unplated.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\pt-PT\View3d\3DViewerProductDescription-universal.xml	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSectionLargeTile.scale-100.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Office.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ExcelVL_KMS_Client-ul-oob.xrm-ms	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Windows Media Player\es-ES\wmpnssci.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileMediumSquare.scale-200.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\196.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\ShareProvider_CopyLink24x24.scale-200.png.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\it\WindowsBase.resources.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Mozilla Firefox\crashreporter.exe.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-64_altform-unplated_contrast-white.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\notifications_emptystate_v3.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-256_altform-unplated.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\Retail\NinjaCatOnDragon.scale-200.png	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ApothecaryLetter.dotx	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TRANSLAT\FREN\WT61FR.LEX	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\ApplySticker.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-GoogleCloudCacheMini.scale-200.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxManifest.xml	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\SmallTile.scale-125.png.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\SmallTile.scale-200.png	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\DSCResources\MSFT_PackageManagement\de-DE\MSFT_PackageManagement.schema.mfl.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-30_altform-colorize.png.exe	08dbd6298489020137e63e91357cc689.exe

C:\Users\Admin\AppData\Local\Temp\08dbd6298489020137e63e91357cc689.exe
"C:\Users\Admin\AppData\Local\Temp\08dbd6298489020137e63e91357cc689.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
359KB

MD5
e5bf330d93e1c93f873be35e6d771cd6

SHA1
1c32539b47a9117c83f3e89ad2ebde73f58e6268

SHA256
cdeb6406f3cb056125d080ec41ad16a35fce916138e107a74c2702ee0923661f

SHA512
58e0f8c1b43d5a479b639e4b5603b0231045dd94bb55faa0b702c84941cb55a24fd041d932238ee2afe131fe7b5a1436ae4e823996f1910688aae2e8bceee766

Download Submit
memory/2640-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2640-4305-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2640-13409-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads