afd078b687601e1489dc289c6e5d7bcad6cf97c749dc275f1352998f40d2ac39

Analysis

max time kernel
38s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 02:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

00f8e8588df40a0ff589fdcf05d38277.exe
Size

1.8MB
MD5

00f8e8588df40a0ff589fdcf05d38277
SHA1

7c6f683744421c7e523dbd4946c1d541ba55dab0
SHA256

afd078b687601e1489dc289c6e5d7bcad6cf97c749dc275f1352998f40d2ac39
SHA512

b5097c167b57691a8bc8d91e0d12a36f80e9780ddab674c551c1f40b48799f5eaa070ec99963a738429f4d3a64172ea87f0f437feea7c4439bbf5db3a1706a60
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq9:SCqm2Jpr0nNM7Dus7Nxs

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1048-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/1048-694-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\CloseStop.dib.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.exe	00f8e8588df40a0ff589fdcf05d38277.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	00f8e8588df40a0ff589fdcf05d38277.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	00f8e8588df40a0ff589fdcf05d38277.exe

C:\Users\Admin\AppData\Local\Temp\00f8e8588df40a0ff589fdcf05d38277.exe
"C:\Users\Admin\AppData\Local\Temp\00f8e8588df40a0ff589fdcf05d38277.exe"
1⤵
- Drops file in Program Files directory
PID:1048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
92KB

MD5
94d0a59e3e1f8034cf928876b525b2e7

SHA1
30600a6adaa67b9869a92bdcd1fa14b38632e150

SHA256
ed4e1966cd563d7725bc4d87fc6c03e4f2c170a015dc364b4ab9dbe923de852c

SHA512
42d76e865408a314eac1a5158ec5b09058b07b0672ae4850e495ab029b40115e52037bd0248ddf546139aee00a78b442dbee2b5e56bf5653c42d45a5d64271bf

Download Submit
memory/1048-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1048-694-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads