8684a30e8a21910feb6e418e04a1430fe146650f7484044179ee5b27a3405048

Analysis

max time kernel
8s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

092c0a43c76bc4712a7be2bfc0c00620.exe
Size

1.8MB
MD5

092c0a43c76bc4712a7be2bfc0c00620
SHA1

2f5bf05e3ab7aeb261f9ab9fa8c852f88a2f3be0
SHA256

8684a30e8a21910feb6e418e04a1430fe146650f7484044179ee5b27a3405048
SHA512

a60f4d868ce03a4f607c88f069f244388994a61ac2dfe5e50cbdabdb45ad61be107f818f0bcd2b713cd45b2dcabc15aae48283c7de153e9b10dcf4c5ca623a12
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqo:SCqm2Jpr0nNM7Dus7NxJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2704-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/2704-5828-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2704-13395-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientCapabilities.json	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Java\jdk-1.8\jmc.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\7z.sfx.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui\oskclearuibase.xml	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmid.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Java\jdk-1.8\include\jdwpTransport.h.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.exe	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui	092c0a43c76bc4712a7be2bfc0c00620.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	092c0a43c76bc4712a7be2bfc0c00620.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	092c0a43c76bc4712a7be2bfc0c00620.exe

C:\Users\Admin\AppData\Local\Temp\092c0a43c76bc4712a7be2bfc0c00620.exe
"C:\Users\Admin\AppData\Local\Temp\092c0a43c76bc4712a7be2bfc0c00620.exe"
1⤵
- Drops file in Program Files directory
PID:2704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
16KB

MD5
2713d753579f51b3a55e2d9c7924f0cb

SHA1
4b4fd6fdf94dffc275eb372c3e77d0dd448b906e

SHA256
9a0d582a3f8ba6df60accb3c452db5c056456f08ef17fd7ce519b5d0f40793d2

SHA512
23e382fe150f769ac22843a5f858d2307882e1ca4d62847cf9e51d63c9a119afc100adfe5d1053ef38459ebd890299e9ceafc19531e713a21c1f2111ae71e7dd

Download Submit
memory/2704-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2704-5828-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2704-13395-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads