7b34c5e028033e5c3d0c0bd738f271dee8593094d4d0b5fa2b35943a51b07ad6

Analysis

max time kernel
2s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cf0d55b39782b296352b2c1f5db6442.exe
Size

1.8MB
MD5

0cf0d55b39782b296352b2c1f5db6442
SHA1

6b945f1b050ecd9405d22ef403c4be9d86922661
SHA256

7b34c5e028033e5c3d0c0bd738f271dee8593094d4d0b5fa2b35943a51b07ad6
SHA512

f9392762cf540be84204b3af1b7907d7bbef4887049ef01fcbf328d791ec22996cdfabcf1b24fd6d40847a634ef8a214d03894ab1eafc1f8b681f6f75fe7bc80
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq/:SCqm2Jpr0nNM7Dus7Nxm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000014a5b-5.dat	upx
behavioral1/memory/2908-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2908-3072-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2908-9218-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0cf0d55b39782b296352b2c1f5db6442.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_altgr.xml	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ru-RU\tipresx.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\VISFILT.DLL	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IPSEventLogMsg.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main.xml	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXEV.DLL.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VC\msdia100.dll	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_ca.xml	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ko-kr.xml	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\ja-JP\MSTTSLoc.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipBand.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sv-SE\tipresx.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\InputPersonalization.exe.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sr-Latn-CS\tipresx.dll.mui.exe	0cf0d55b39782b296352b2c1f5db6442.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	0cf0d55b39782b296352b2c1f5db6442.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe.exe	0cf0d55b39782b296352b2c1f5db6442.exe

C:\Users\Admin\AppData\Local\Temp\0cf0d55b39782b296352b2c1f5db6442.exe
"C:\Users\Admin\AppData\Local\Temp\0cf0d55b39782b296352b2c1f5db6442.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
13KB

MD5
5d049837391affc7e0653c5313c05bc9

SHA1
48a9743e5df48b28afc866c1768b36a7a8f75492

SHA256
ea3caf4fc41d017bae9cb4d153cceecba3d57b04c8925da8d3c28bd653f2e9e4

SHA512
2ce926045e4d8d70f3cf2651b442d1da3b85d810cfe84c2b2d22a0feef00f750c8f7289b72bc9c9e4d28c25becc4885f44e828fe80903137a5010ecd5ad35222

Download Submit
memory/2908-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2908-3072-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2908-9218-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads