4f0bed0dc2c5249acd72d1cb35c8accb1896b2a3f643a064fb80dec6450275f6

Analysis

max time kernel
4s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 04:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04f99a1d8e9da45109920a6dcfd7e1a5.exe
Size

1.8MB
MD5

04f99a1d8e9da45109920a6dcfd7e1a5
SHA1

0f87eb2146b18f1ef7c32fa4500f7bb05e8b21b5
SHA256

4f0bed0dc2c5249acd72d1cb35c8accb1896b2a3f643a064fb80dec6450275f6
SHA512

ebbc362af5d2ba2d5e807b5f7d266b2103f49420735e84ca48c90d8e95851055467b5c2a84d5ae2beb28c1bc9fb6e49a08292e10e90cdd83b76ef794357ebb8d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHA:SCqm2Jpr0nNM7Dus7Nx2g

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5024-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/5024-6047-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021974-11109.dat	upx
behavioral2/files/0x0001000000021974-11108.dat	upx
behavioral2/files/0x0001000000021974-11107.dat	upx
behavioral2/files/0x0001000000021974-11106.dat	upx
behavioral2/files/0x0001000000021974-11105.dat	upx
behavioral2/files/0x0001000000021974-11104.dat	upx
behavioral2/files/0x0001000000021974-11179.dat	upx
behavioral2/files/0x0001000000021974-11178.dat	upx
behavioral2/files/0x0001000000021974-11177.dat	upx
behavioral2/files/0x0001000000021974-11176.dat	upx
behavioral2/files/0x0001000000021974-11175.dat	upx
behavioral2/files/0x0001000000021974-11174.dat	upx
behavioral2/memory/5024-13421-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\cs-CZ\tipresx.dll.mui.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\mshwLatin.dll.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\wab32.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\BackupFormat.php	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msaddsr.dll.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\AddClose.ps1.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.exe	04f99a1d8e9da45109920a6dcfd7e1a5.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	04f99a1d8e9da45109920a6dcfd7e1a5.exe

C:\Users\Admin\AppData\Local\Temp\04f99a1d8e9da45109920a6dcfd7e1a5.exe
"C:\Users\Admin\AppData\Local\Temp\04f99a1d8e9da45109920a6dcfd7e1a5.exe"
1⤵
- Drops file in Program Files directory
PID:5024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1KB

MD5
8c153d8651a036b2c26fc7381f6b8430

SHA1
c72685b02e7c41ccb141fcc21774e1564aa3ede2

SHA256
48f3931db347d3678dd408d0c17fdc119c63500d691170dc50ebfde74fb71691

SHA512
19def5520bae275d0afb38e56aaf0f263f3cfd691d39d8b93c3b9209824c0af1a4bcc0b9ff2bd26fe8237f101a7e61d30d28aa317f9f593d7f2ef365521ce96b

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
17KB

MD5
d6e7ea1a98697fc17556c852693eb63f

SHA1
2f62ee7190cb808736ade569ecb6997ddca99fb5

SHA256
8a85234a55e21e0789e2dcd03d69f5ff4b8c8c00cf1e95b48790806cf2013f9d

SHA512
b72255047125483f5db9cddc328e02ad78f33d6673fc8349969f1eac4d09563e3cd23de4f5f473a485c34667d53ec3ed1641b186b827896bad6184cf70f5dcdd

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
19KB

MD5
2c833d3fbee7923825e1997b2cb1cc2c

SHA1
aa82ef36417ba72ba31ca5c7aff50a7b758da7ec

SHA256
cd42ebc7a9adcdfcc543a7c292702e13bacbda8e7ff3d3cbee755f7a496ef18e

SHA512
1191390f6d62cd9ff4388dfaf5155ff1f3690cdcaa699bcf0404fd7691a0b3b90efe8732cf37ef015c99630b3682375b53a0134af4dcadb2299b7192cce6c45d

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
35KB

MD5
3c21c7e37d0144eef6fb6dd799ab154f

SHA1
9023602f1e187002cc8660e564e1e01aed4d3e30

SHA256
734c741b9b4693485c7f4b82f7464906a930bb0bdf8bdb9b1655e6045e72ea53

SHA512
385a4f1516f631c994b4436753103449699f30b8135bca625edddf5ed2d1d302336e64e672da569eb675cbe4a0aeb86356639e1576406038d7517f04e66266b5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
45KB

MD5
4e08df0175b611cd898571a30a61f7c6

SHA1
7a2b299b25ac10e0011a47cd374a27513e556a8f

SHA256
eb8daad8cbac79a73f033374b9f846b5904b043d9b7a7e0b81df13420c52fbe0

SHA512
bd8da0d08a7923fb865a60584047611584f54a51b89507e75f3b7c635da19f1b4c1162725782f2a64967eba4da7f70ab0984868068c772826efb25a490f6f165

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
85KB

MD5
38985e72a5d094de02e6cc5dc77fca0b

SHA1
aa8d4f9982a1d2c5600927664b0909a2226ce059

SHA256
b0d7a696c7d0dec408374a81f8248f0563452ba3b0c90c24a68001645a1e9664

SHA512
5a8890257b25f0911270712ed01204533b9d234a7cac45d5bdf41ba195f83b6cad36e000bb78485c2f46bdb79ccbee3ae10866918d35695ae3b9b2805f3c30f5

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
46KB

MD5
a872b66185f6f953a052d70223a751f0

SHA1
d09866cc6f07683b92ea2c228a490b5fc6e5f5de

SHA256
4863181413c4d98d4326a2719b219c7714470a3152d9f68501b65a79d40d17c5

SHA512
bc8f4abb98412830fc67dd3b48c5c8a29d968026f63a969d8ef1d8d657c742bde410afe08979e14ead14f607d1d67efe7cd4a76fc32d1d14b2bedb3bad440ede

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
4KB

MD5
31c82ba0413069a944640c7d95b59384

SHA1
390646dc1935227a3e0b52c6077618dea869e75e

SHA256
639b4ca091f86c4d9ec14da6eb7253302b46dde5e0a28fc3715610067b7bcd4c

SHA512
e453fefe7cdff8faab5ed6b4b19457be29602790eff0818406ceaf412ed5f790bee167e9c6f9dc5ed93f66bf3742f6b15d1e533a76219947d65307b47946ebdd

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
5KB

MD5
e4b0b5aa433f3765b67ff00fa8418587

SHA1
d90336f188726a172c5d74c4f169a135714ee957

SHA256
eaebac287603b504ada8e44998f20d65afa4d598f015a3bb16e77d8dec187578

SHA512
336465a55484c3a8071c1452bd5dfcada0a6c42ed21924d9c4e8bf0614147bd4a6864f465c56686fe7552b9f011e43c918ac6fe53034e427841807ddbd89dc5c

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
42KB

MD5
eef6f905ee4010e3f9744a03b338b8f0

SHA1
b3546e644f04d916cdaa3daec2e3061b6f841433

SHA256
35b4894559d8c98a9c3f827e33b6b34a3b3c04dd418bd58be2e42cfe41a6a375

SHA512
bf1a6fa0acc7803141fbd3f14b6d303b31c65155dd75823407882ba4f480c2e42c052b4a7effcc417cb66e452088e39af4ec9e6e5cc210c70dc94e00d5b6959f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
15KB

MD5
502bc738095377e6f1b9848b86418bfe

SHA1
02962b55400e745b895939a419c448599d75e1ac

SHA256
3f2f9c367489914c871a60cf823276a9790d8d21b9d36ba568172ddb828bccef

SHA512
b1714b73f819167d258a91f2c7ba7258aa534d4369322ce18e6c1c1d62c9312738a8eacf3bcc0e283a8a432cbfc26e1c63f184cb047df5fe1951822b7e978f72

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
42KB

MD5
a63cda33ef3d7de4c5bceb43c45e07d9

SHA1
c65b8ef15fe88a00347c54359af06d80301130ce

SHA256
06a8a6d59d90a2ab1ad77d06368a072664c477c34d07fc1961116f2b8c55050c

SHA512
22376313d4aa43469bc8c8cfadeda7c11b971a1fe8d9de0ce49047df829f208a3a9c9ac877a38166c02dc9d68c3a7bc369a58f6179e743756488408265708af6

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
20KB

MD5
f8fe40d36ab17eb5828d15015cbbeb7b

SHA1
5a12209666643e77d2adb4e89882d79d909ac3f8

SHA256
642cdbe09b91d95b3d4b8c8f22cfcc9c0d4cd88ebed144d403a95ffbeab96e6a

SHA512
9d0aba25cdf033ce7b9d5e96c724e38c637e8171825a2ef710564b579d53ecbd49f7dfdd7c106e19bd2ac8f2bb6ca372235acdf043d27e4f2d000539d84b65e3

Download Submit
memory/5024-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5024-6047-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5024-13421-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads