26bef95aae36ac4bf7aa5d6af6ce65c95899ccda277f2b2b2983fad6b6726cbe

Analysis

max time kernel
148s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0aaec92a3c24085adbb3a31d4f38a5ee.exe
Size

1.8MB
MD5

0aaec92a3c24085adbb3a31d4f38a5ee
SHA1

55d9c4efa7f7c376648654abb860d0f2144c83ad
SHA256

26bef95aae36ac4bf7aa5d6af6ce65c95899ccda277f2b2b2983fad6b6726cbe
SHA512

94552a8d02e3ed928818afca69b710a318ba1f5cb1d966527daf61cc77a923f8bec69fda531db53d2831717cd6996b8cf35fc453c13ce2025727217de6d610e1
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqS:SCqm2Jpr0nNM7Dus7Nxj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1992-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x003000000001530e-5.dat	upx
behavioral1/memory/1992-666-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0aaec92a3c24085adbb3a31d4f38a5ee.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\booklist.gif.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sa_ja.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_ja_4.4.0.v20140623020002.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.http_8.1.14.v20131031.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-netbeans-api-visual.xml_hidden	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\7-Zip\Lang\sr-spc.txt.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Vincennes.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Tashkent	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jp2iexp.dll	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\FlickLearningWizard.exe.mui	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher.eclipse_1.1.200.v20140414-0825.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Khandyga	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-print.xml.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_zh_4.4.0.v20140623020002.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\eclipse_update_120.jpg.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-10.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.jdp_5.5.0.165303.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\locale\org-openide-filesystems_zh_CN.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-sampler_zh_CN.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\trusted.libraries	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcfr.dll.mui.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator.nl_zh_4.4.0.v20140623020002.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes.nl_zh_4.4.0.v20140623020002.jar	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-output2.xml.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-openide-modules.xml	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Cocos	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\bin\JAWTAccessBridge-64.dll	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Maputo.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\HST	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\Africa\Tunis.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santiago.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrom.xml	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\Tripoli	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-io-ui_zh_CN.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij.bat.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_ja.jar.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Baghdad.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Efate	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\sound.properties	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	0aaec92a3c24085adbb3a31d4f38a5ee.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png.exe	0aaec92a3c24085adbb3a31d4f38a5ee.exe

C:\Users\Admin\AppData\Local\Temp\0aaec92a3c24085adbb3a31d4f38a5ee.exe
"C:\Users\Admin\AppData\Local\Temp\0aaec92a3c24085adbb3a31d4f38a5ee.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.2MB

MD5
1b103a9e1ec1abebb268692f44917437

SHA1
ca0097b2daf59da78160b1ce32e8681a9908c98d

SHA256
5e4a7c543c25ce8db4ea30f6d94683e8f926c8031b94bdec5a2c5d0c68fa3790

SHA512
985814028c0f5c1d40502e197ade6cb7d5ef3b7d20d40d3b5e91651f778dde434b0781ca31ec5d85303a58bdecaa5dbdd95ec59c6e2ff682320a23bce89e59b8

Download Submit
memory/1992-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1992-666-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads