3436c8c8eca54d1bdf2d6412cbfe3f1d35e7284447548c73e40f068ac7e29a46

Analysis

max time kernel
145s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 19:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0ea61a216f23f222553722d7290b0751.exe
Size

1.8MB
MD5

0ea61a216f23f222553722d7290b0751
SHA1

3ba503e7f538298dc7e633360b2412873c7c66fb
SHA256

3436c8c8eca54d1bdf2d6412cbfe3f1d35e7284447548c73e40f068ac7e29a46
SHA512

4a63f93683bebf7091248695ac1d864e44796407650c72ac40d171b4c3747b6172ff0660187a6c24700d9c2d8f59dee9c1a75578fb2e530b53f1a8a59f88be66
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqa:SCqm2Jpr0nNM7Dus7Nxj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2464-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0031000000016fb9-5.dat	upx
behavioral1/memory/2464-600-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	0ea61a216f23f222553722d7290b0751.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_xml.luac	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\6.png	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\native2ascii.exe.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\MineSweeper.exe.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mraut.dll	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.common_5.5.0.165303.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-actions.xml.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Mozilla Firefox\firefox.cfg.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt.nl_zh_4.4.0.v20140623020002.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-core-file-l2-1-0.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rankin_Inlet.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-application-views.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\ReachFramework.resources.dll	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\simplexml.luac.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipBand.dll.mui	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-text_ja.jar	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Aqtau.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\VideoLAN\VLC\locale\af\LC_MESSAGES\vlc.mo.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Microsoft Games\More Games\MoreGames.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Windows Defender\ja-JP\MpEvMsg.dll.mui.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\tile_bezel.png.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdca_plugin.dll	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-api.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jre7\bin\kcms.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Lindeman.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\servertool.exe.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\localizedStrings.js	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Windhoek	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Pago_Pago	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.xml.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-netbeans-core.xml	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Ushuaia.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jawt.lib.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Halifax.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Magadan.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.updatechecker_1.1.200.v20131119-0908.jar	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.nl_ja_4.4.0.v20140623020002.jar.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\Windows Defender\MpCommu.dll.exe	0ea61a216f23f222553722d7290b0751.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	0ea61a216f23f222553722d7290b0751.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png.exe	0ea61a216f23f222553722d7290b0751.exe

C:\Users\Admin\AppData\Local\Temp\0ea61a216f23f222553722d7290b0751.exe
"C:\Users\Admin\AppData\Local\Temp\0ea61a216f23f222553722d7290b0751.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
c9c5c80914a8b31d36c3eb6dfd123347

SHA1
f99b0f2f448da2e5eb1c6fda9e25ef5cf509b0a5

SHA256
bb18975c1969408e0d2b0149da392218632cc07d90f42a306a3352fac703821c

SHA512
05e3511ef1684f97122983bcf682da58c76297df3e1e517812f648b9d89a87423142526f87cd3cf3fbe0c19ad677b97415908319011b10f3c1ff50c39a6b0f6a

Download Submit
memory/2464-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2464-600-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads