b12a391fb989a1e4bb98d249a0179b59b66e48e2bb20cedaf394f11ebed6e9c5

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0683cc8080db2c9f92f7488876483352.exe
Size

1.8MB
MD5

0683cc8080db2c9f92f7488876483352
SHA1

c83af3b19a00226efb34c606512250ea0da43223
SHA256

b12a391fb989a1e4bb98d249a0179b59b66e48e2bb20cedaf394f11ebed6e9c5
SHA512

b982bc9ca241dca0270495489efecbf117dea9a4f215aedbc3f2ab32c716eb0f15f2ff871e501c30a1fb2326608bd49295873090bfcea92f9affb758518d1bed
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHz:SCqm2Jpr0nNM7Dus7Nx2T

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2444-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022791-5.dat	upx
behavioral2/memory/2444-432-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrus.xml.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\7-Zip\7zFM.exe.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\rtscom.dll.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mshwLatin.dll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hu-hu.dll	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TabTip.exe.mui.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	0683cc8080db2c9f92f7488876483352.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.exe	0683cc8080db2c9f92f7488876483352.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll	0683cc8080db2c9f92f7488876483352.exe

C:\Users\Admin\AppData\Local\Temp\0683cc8080db2c9f92f7488876483352.exe
"C:\Users\Admin\AppData\Local\Temp\0683cc8080db2c9f92f7488876483352.exe"
1⤵
- Drops file in Program Files directory
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
225673d3caf07fdaf5a28ab0b6bc01e6

SHA1
018e045ab7f0a8a6e64a212991f77718b5c1fb7b

SHA256
70c267ed83e03d31696b3a0892859bd859bb6f70a48bb3c2a7fdbb6459038664

SHA512
63e08f4aa54a4294e2ab0aff55a9a7a2601cf29b7a9cd689baa176715a52403fb179e1a0344af1fd9ea413cdcd1805f813612c4ea25f6053aa1733b00b8d4b78

Download Submit
memory/2444-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2444-432-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads