7d691d0e9c3e94763807b511a63f73a131559652f172a0ec65f42cd9d2d565fc

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 04:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

05383fc3d120d6b64b39104a817d6709.exe
Size

1.8MB
MD5

05383fc3d120d6b64b39104a817d6709
SHA1

d5eab92d979d5574869c35627d02f0039d687187
SHA256

7d691d0e9c3e94763807b511a63f73a131559652f172a0ec65f42cd9d2d565fc
SHA512

021b0377f469d47bc5498f802ab8ef7d0de8b2984d53af3566131b09308d03bc5cc0666c505ece1a00188d3d8c279ca7070a126d33366cfde0c086b814fcdf44
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq0:SCqm2Jpr0nNM7Dus7Nxh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2020-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003600000001508a-5.dat	upx
behavioral1/memory/2020-3233-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2020-9177-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\desktop.ini	05383fc3d120d6b64b39104a817d6709.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\clock.html	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkWatson.exe.mui.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator_1.1.0.v20131217-1203.jar	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jre7\lib\jfxrt.jar.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\46.png	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\ja-JP\bckgRes.dll.mui.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nb\LC_MESSAGES\vlc.mo.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\dark\e4-dark_globalstyle.css.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-modules.xml.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-editor-mimelookup-impl.xml.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-modules-favorites.xml_hidden	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-11	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\oskpred\oskpredbase.xml.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Sofia	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Mail\wabfind.dll	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.engine.nl_ja_4.4.0.v20140623020002.jar	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmpnetwk.exe.mui	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\RSSFeeds.html.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin_2.0.100.v20131209-2144.jar.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\diner.png.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\docked_gray_snow.png.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Lord_Howe.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-core-windows_visualvm.jar	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\misc\libstats_plugin.dll.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\de-DE\css\flyout.css	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.eclipse_2.1.200.v20140512-1650.jar	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.forms.nl_zh_4.4.0.v20140623020002.jar	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-autoupdate-cli.jar	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Journal\fr-FR\Journal.exe.mui	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\images\Back-48.png.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\images\glass_lrg.png.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\asl-v20.txt.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-multiview.jar.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libnormvol_plugin.dll.exe	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Cayman	05383fc3d120d6b64b39104a817d6709.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Maceio	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Journal\fr-FR\NBMapTIP.dll.mui.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Media Player\ja-JP\setup_wm.exe.mui.exe	05383fc3d120d6b64b39104a817d6709.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\main.html	05383fc3d120d6b64b39104a817d6709.exe

C:\Users\Admin\AppData\Local\Temp\05383fc3d120d6b64b39104a817d6709.exe
"C:\Users\Admin\AppData\Local\Temp\05383fc3d120d6b64b39104a817d6709.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2020

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
64KB

MD5
5d6e93dc9cf3345b9fc3fceba5e66d8d

SHA1
ad562445b110bb1019aaf2f6692ff767a412e88f

SHA256
cc7f1fd0a613ff62473351b2f4dd2ebfebf6525402fec4abce4a659555067cec

SHA512
f05a7f263b3c762507e54294ae36fec86c829539050f2b67d7a5076dc133ee5551df9ab30e7f1c2c52fa494d4ebcf829dfd7b217bfaaca3a3344dc3af84b14a6

Download Submit
memory/2020-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2020-3233-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2020-9177-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads