f85e71f98d552a12b7163a4628784756766ee8d65675ac21fba8c12958d55cbd

Analysis

max time kernel
130s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 16:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

06c96605be0db2b962783d33784e6f94.exe
Size

1.8MB
MD5

06c96605be0db2b962783d33784e6f94
SHA1

25ee6bb74e6f7a0588c76b78fa04f036d3bb7768
SHA256

f85e71f98d552a12b7163a4628784756766ee8d65675ac21fba8c12958d55cbd
SHA512

590dceb319c6193d21a610023e95c5b61d817e26f0768131e4408b8631e25ed0702f86fe0e6379457f23a5f8361b43f25d8bafdd80028c7aedb70bf4fd3f5e73
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqG:SCqm2Jpr0nNM7Dus7NxH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1424-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0007000000014b87-5.dat	upx
behavioral1/memory/1424-616-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	06c96605be0db2b962783d33784e6f94.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\jconsole.jar	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Oral.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\PipeTran.dll.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vk_swiftshader_icd.json	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Yakutat	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ea-sym.xml	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\feature.xml	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub.DataWarehouse.dll.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbynet.jar.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Kiritimati	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Belem.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenalm.dat.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pl.pak.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\7-Zip\7z.exe.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Grand_Turk.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sawindbg.dll.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Vevay	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html.exe	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\CIEXYZ.pf.exe	06c96605be0db2b962783d33784e6f94.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	06c96605be0db2b962783d33784e6f94.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png	06c96605be0db2b962783d33784e6f94.exe

C:\Users\Admin\AppData\Local\Temp\06c96605be0db2b962783d33784e6f94.exe
"C:\Users\Admin\AppData\Local\Temp\06c96605be0db2b962783d33784e6f94.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
f36ebe29d67e26c8c2198b756984b1ab

SHA1
b35ef9d2dd04cd293e844e1779b3e7380726dd22

SHA256
73ccc46845ad89a83be4ffaeeb2890486763ce94d9cf759578ba6e189ecc1ef6

SHA512
419c9e43c3551bcc62fa5ff6b067152adee0ab6b08f31c0082e83eccb6d2cb43c9662eca57c749c6cd76f25f0705f15df024e713a916211cb4a352bfa4956bee

Download Submit
memory/1424-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1424-616-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads