4d706770ec0b2afaca7ab572132242c9b043f24017365fea80ae637394868089

Analysis

max time kernel
54s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41055236060eba505764dda2cc96bb10.exe
Size

1.8MB
MD5

41055236060eba505764dda2cc96bb10
SHA1

587bd584e6b5c190783df5e9901b3ece68f629fb
SHA256

4d706770ec0b2afaca7ab572132242c9b043f24017365fea80ae637394868089
SHA512

b32b1d01629959d18172df1d4f352c0c8ad2d6957e13a4a8b6a3d563138a86157c895307c9f63b194fc01efe6c678610de2726a5a5ffd42510020de5968b03db
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqg:SCqm2Jpr0nNM7Dus7Nx1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3488-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/3488-5658-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3488-13417-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	41055236060eba505764dda2cc96bb10.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp2-ppd.xrm-ms	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.Client.resources.dll.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-96_altform-colorize.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-heap-l1-1-0.dll.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\LTR\contrast-white\MedTile.scale-100.png	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\officestoragehost.dll	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\AppIcon.targetsize-60_altform-unplated.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\java.security.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\da\msipc.dll.mui.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\SalesReport.xltx.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\HoloAssets\HoloLens_HeadTracking.png	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_description_plugin.dll	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedLargeTile.scale-100.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\TriPeaks.Large.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.27328.0_x64__8wekyb3d8bbwe\AppxSignature.p7x	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\xaml\onenote\CaptureUIStyles.xaml.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Cloud.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\StoreLogo\PaintApplist.scale-400.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\MedTile.scale-200.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\MSIPCEvents.man.exe	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\Blank_PhotosSplashWideTile.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-colorize.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Outlook2019R_Retail-pl.xrm-ms.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-32.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\resources.pri	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-256_altform-unplated_contrast-white.png.exe	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalR_Grace-ppd.xrm-ms.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\MedTile.scale-125.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-unplated_contrast-white.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_F_COL.HXK.exe	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Dial\Thickness.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SplashWideTile.scale-125_contrast-black.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipstr.xml	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxManifest.xml	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_targetsize-72_altform-unplated.png	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\splashscreen.dll	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Effects\Top Shadow.eftx	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioProO365R_SubTest-ul-oob.xrm-ms	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Entity.Resources.dll	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\hr\LC_MESSAGES\vlc.mo	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\api-ms-win-crt-string-l1-1-0.dll	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\cs\LC_MESSAGES\vlc.mo	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-timezone-l1-1-0.dll.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\vi-VN\View3d\3DViewerProductDescription-universal.xml.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-30.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\StoreLogo.scale-150.png	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Office16\RTC.DLL.exe	41055236060eba505764dda2cc96bb10.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square310x310Logo.scale-400.png.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\Office16\excelcnv.exe.manifest.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\msjet.xsl.exe	41055236060eba505764dda2cc96bb10.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-100.png	41055236060eba505764dda2cc96bb10.exe

C:\Users\Admin\AppData\Local\Temp\41055236060eba505764dda2cc96bb10.exe
"C:\Users\Admin\AppData\Local\Temp\41055236060eba505764dda2cc96bb10.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3488

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
887KB

MD5
74e4f181d03be0968c8e72469b598419

SHA1
c53aeb3de849e717efb477755c638ca90dd09c76

SHA256
fc70a165fdb1f393ac7f63170252990cbb28e8540737e7d61ed1488570650dac

SHA512
30c9c8fd7cab0a23e0f370a11363d50c6687ea6a33e90faac00d4c3cd3130f8ef22bb80cca5a4fee64ad8de2671e9edb8b4d56c7d604f633b2582a91488e262b

Download Submit
memory/3488-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3488-5658-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3488-13417-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads