ef2b7c8168850e70b7598658a6be9a73b32daac0be3486ab3b579d2dbd5ee668

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08f47493c58780174ef091ac47fb6eb9.exe
Size

1.8MB
MD5

08f47493c58780174ef091ac47fb6eb9
SHA1

68bad5777a8f13cace271bbc51720eea79210ee7
SHA256

ef2b7c8168850e70b7598658a6be9a73b32daac0be3486ab3b579d2dbd5ee668
SHA512

fcfa8a64f4d33438921b657557b7a9e52cfd16c4fbeacb4316869deb7e556265c80fb2d7d3dcb989ff26c9986356d6b3071d5148a22d48b2feb0199d75b934bf
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH+:SCqm2Jpr0nNM7Dus7Nx2e

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000a000000013a21-5.dat	upx
behavioral1/memory/2168-2460-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2168-9186-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	08f47493c58780174ef091ac47fb6eb9.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libcolorthres_plugin.dll.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Algiers.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk_1.0.300.v20140407-1803.jar	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\en-US\ShvlRes.dll.mui.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\on_desktop\slideshow_glass_frame.png	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\css\localizedSettings.css.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\core\locale\com-sun-tools-visualvm-modules-startup_ja.jar.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\de-DE\MoreGames.dll.mui	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\Chkr.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\WindowsBase.resources.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-execution.xml.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libball_plugin.dll.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-swing-outline_ja.jar	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-api-search.jar	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Krasnoyarsk.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Makassar.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.xml_1.3.4.v201005080400.jar	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Mozilla Firefox\application.ini.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\36.png	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Seoul	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Eucla	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libhttps_plugin.dll.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\js\settings.js.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jabswitch.exe.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-api-caching.xml.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jre7\bin\mlib_image.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libextract_plugin.dll.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\gadget.xml.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaw.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Istanbul	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_foggy.png	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\weather.css	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked-loading.png.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\InitializeCompress.jpeg.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Athens	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Journal\JNTFiltr.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Windows Journal\it-IT\jnwdui.dll.mui	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Rio_Gallegos.exe	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libadf_plugin.dll	08f47493c58780174ef091ac47fb6eb9.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libfreeze_plugin.dll	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IpsMigrationPlugin.dll.mui.exe	08f47493c58780174ef091ac47fb6eb9.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.exe	08f47493c58780174ef091ac47fb6eb9.exe

C:\Users\Admin\AppData\Local\Temp\08f47493c58780174ef091ac47fb6eb9.exe
"C:\Users\Admin\AppData\Local\Temp\08f47493c58780174ef091ac47fb6eb9.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2168

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
439KB

MD5
56005b06b29babafa0a60f671749b519

SHA1
61dcad2d53be9eaff40d7189da345f50bc02a3ba

SHA256
3cc4a3b9f0d7de1b7bb6dc8e005d0ca7e19f84e09646b1fc0db2f57070c72fb5

SHA512
6d3350b28e6968f6cfd6104f67a513ce1bf68b0f2530b3350caac63efd1646d94ec86ed925174c89e8e06c7d89b7e9b889bb81b3eec9ec76fa83d9066144194c

Download Submit
memory/2168-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2168-2460-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2168-9186-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads