466745be6b45249e9f2d27111d60c751f7b91f42ad8df02d644582e4e0266670

Analysis

max time kernel
182s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

03024d17a6adc6151aa9d40f250ddbaa.exe
Size

1.8MB
MD5

03024d17a6adc6151aa9d40f250ddbaa
SHA1

484d372ee89530ac3d2cf1d00d016bb2e4b81c49
SHA256

466745be6b45249e9f2d27111d60c751f7b91f42ad8df02d644582e4e0266670
SHA512

dd5a2f479ba975a6abab9c8b6382882a837825252e8006523f2ed53ced54618edee2f89376d9a29564a328f1c8d754b573949ec052e63f887508c65a57219d08
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHK:SCqm2Jpr0nNM7Dus7Nx2q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4476-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227ab-5.dat	upx
behavioral2/memory/4476-591-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\ga.txt.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\InstallClear.bmp	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\mshwLatin.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bg.pak.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskmenu.xml	03024d17a6adc6151aa9d40f250ddbaa.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	03024d17a6adc6151aa9d40f250ddbaa.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.exe	03024d17a6adc6151aa9d40f250ddbaa.exe

C:\Users\Admin\AppData\Local\Temp\03024d17a6adc6151aa9d40f250ddbaa.exe
"C:\Users\Admin\AppData\Local\Temp\03024d17a6adc6151aa9d40f250ddbaa.exe"
1⤵
- Drops file in Program Files directory
PID:4476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
dacfaadbbd8e16f3f0f945993febb7e8

SHA1
355dc69433744f84a924f862349b705d37158872

SHA256
51c8d841e94150d5793b44d263bb8c0532398a059e317d1cad7c8fe86e5008eb

SHA512
cfef5514b7188792839a51378a0093617d0c82d5f56b1dc307444b15ebc91e4abf8cb5f3611348fc397dc51dfb01a1e96f645aa4b5c1a0159a9f673d4d4b2f77

Download Submit
memory/4476-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4476-591-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads