45b3bba3af0a011726abba7a4fdd63b24c1f3128e9a806e8eb3a0c2ebb3f8235

Analysis

max time kernel
3s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dd99a7538f393a0604da7316b796de0.exe
Size

1.8MB
MD5

0dd99a7538f393a0604da7316b796de0
SHA1

8e75c42561bc7773db5573211f22fa374313e9b7
SHA256

45b3bba3af0a011726abba7a4fdd63b24c1f3128e9a806e8eb3a0c2ebb3f8235
SHA512

8c86deeca213180cfdc02a39cb921957d7ece55264e0215d20e77449273f7a09f971add79d90331e40eaf13d373c6628e621545f54fb7b6afe6c6f84b66624a8
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqf:SCqm2Jpr0nNM7Dus7NxO

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2920-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003700000001508a-5.dat	upx
behavioral1/memory/2920-1909-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2920-9213-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0dd99a7538f393a0604da7316b796de0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipTsf.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeslm.dat	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sl-SI\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnld.xml	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu\oskmenubase.xml	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskmenu.xml	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nl-NL\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\ApproveRepair.001.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\ApproveRepair.001	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSFrontendENU.dll.exe	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Garden.htm.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.htm.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web\webbase.xml	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.exe	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipBand.dll.mui.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\7-Zip\7z.exe.exe	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll	0dd99a7538f393a0604da7316b796de0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui	0dd99a7538f393a0604da7316b796de0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	0dd99a7538f393a0604da7316b796de0.exe

C:\Users\Admin\AppData\Local\Temp\0dd99a7538f393a0604da7316b796de0.exe
"C:\Users\Admin\AppData\Local\Temp\0dd99a7538f393a0604da7316b796de0.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
17KB

MD5
bbe6e447cb07f8fcab20581c532179d6

SHA1
78dd18e07bffa3e181b5b9096c23ab5817033991

SHA256
f003952437e235d1072137f0b60534572281c6c31d41b6080a8fa7e1cc4bb4b4

SHA512
4cef012924bb9b00f3e2e0dfc8ea9fe9feafb55a109e183fc2d0269f5c54501163e518a3bec921dbfc7d8b83cbf1e90023407b24cf4e0ef247ececfcf7419576

Download Submit
memory/2920-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2920-1909-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2920-9213-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads