181dd0313664c20f04d1620295999184819290895722515ec23b5cf0c795025d

Analysis

max time kernel
132s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c6f4064f4fd49eb207737261d4cb98b.exe
Size

2.8MB
MD5

0c6f4064f4fd49eb207737261d4cb98b
SHA1

1f0a24cd22db83fdfd0b7d5c1711ad7cb58c8261
SHA256

181dd0313664c20f04d1620295999184819290895722515ec23b5cf0c795025d
SHA512

6ef3d93112cc058bfba6f74028ba7eee61994c8282ed12712ece18eb3962a9eeb73becb9412ab20aad3cdb06c2dd431e4aea144710e5b2e0be14b20c333fad44
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91R:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2964-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0030000000014b90-5.dat	upx
behavioral1/memory/2964-482-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	0c6f4064f4fd49eb207737261d4cb98b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicHandle.png.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Mozilla Firefox\uninstall\uninstall.log.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Guadalcanal.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-snaptracer_ja.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Indian\Christmas	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSCommon.dll	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Mozilla Firefox\lgpllibs.dll	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup-impl_zh_CN.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.services.nl_ja_4.4.0.v20140623020002.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jre7\bin\java-rmi.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Sofia	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-windows_zh_CN.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\.settings\org.eclipse.equinox.p2.metadata.repository.prefs.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\core\org-openide-filesystems.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\org-openide-util_ja.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.nl_zh_4.4.0.v20140623020002.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-swing-outline.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ecf.provider.filetransfer.httpclient4.ssl_1.0.0.v20140827-1444.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\dsn.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.Printing.resources.dll	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxmedia.dll.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-openide-util-enumerations.xml	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Wake	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\license.html.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jre7\bin\sunec.dll	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\README.html	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Bucharest	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Recife.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IpsMigrationPlugin.dll.mui.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-selector-ui_ja.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-keyring-impl.xml.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\lib\smtp.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Microsoft Games\Minesweeper\fr-FR\Minesweeper.exe.mui.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fontmanager.dll	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\eclipse.inf	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Amsterdam	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Backgammon\fr-FR\bckgRes.dll.mui	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-progress_zh_CN.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\javax.inject_1.0.0.v20091030.jar	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_ja.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-threaddump_ja.jar.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Apia.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Microsoft Games\Solitaire\es-ES\Solitaire.exe.mui	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\micaut.dll.exe	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Athens	0c6f4064f4fd49eb207737261d4cb98b.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_TW.properties	0c6f4064f4fd49eb207737261d4cb98b.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core-multitabs.xml.exe	0c6f4064f4fd49eb207737261d4cb98b.exe

C:\Users\Admin\AppData\Local\Temp\0c6f4064f4fd49eb207737261d4cb98b.exe
"C:\Users\Admin\AppData\Local\Temp\0c6f4064f4fd49eb207737261d4cb98b.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
2.8MB

MD5
fbc7af2c92b75c77177e104add17c7b5

SHA1
f41a88b31d72fc1acd09969cb6d1ce13ef4269b6

SHA256
0e09593e2842a29eefc23ca9284b97b9a0cf707bb8d6de61da78578f74d4e64d

SHA512
2ace2f9369e087987c110e99e61a063467f0af0cbac4108a2f10442b1815508cf15c4489384426dc97ece3e9b331060077f5405b41956d5cf258633f42202075

Download Submit
memory/2964-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2964-482-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads