67cca9086646e2b3d3e50fc18cc9ad4022724a9912d7866574a737afc032de22

Analysis

max time kernel
165s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11832fb4a37513aeb3cdbd5cbb722d56.exe
Size

1.8MB
MD5

11832fb4a37513aeb3cdbd5cbb722d56
SHA1

c84dde469d232f7cc0afc07c8713745c0b218382
SHA256

67cca9086646e2b3d3e50fc18cc9ad4022724a9912d7866574a737afc032de22
SHA512

1c204510ad51a36026c8f58ff2d7f0fe514d90cb687abe66475be8258f7dd23f7f13c2c9a8aa7acd2323557083422ece69a174d7ceb2fd73d3714bf378935ec7
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqC:SCqm2Jpr0nNM7Dus7Nxv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2068-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/2068-764-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-xstate-l2-1-0.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ko.properties.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Grace-ul-oob.xrm-ms.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.OneNote.OneNote.x-none.msi.16.x-none.xml	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul.xrm-ms	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\bin\decora_sse.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\legal\javafx\icu_web.md	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-environment-l1-1-0.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tipresx.dll.mui.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\LICENSE	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\plugin.jar	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\ThinAppXManifest.xml	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\mshwLatin.dll.mui	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\jni_md.h.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\lib\javafx.properties.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-CN.pak	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-synch-l1-2-0.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\sunec.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\InputPersonalization.exe.mui.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\d3dcompiler_47.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\images\cursors\win32_MoveDrop32x32.gif	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_OEM_Perp-ppd.xrm-ms	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\bin\dtplugin\npdeployJava1.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\hprof.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\j2pcsc.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\AppVDllSurrogate32.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessRuntime2019R_PrepidBypass-ul-oob.xrm-ms.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-filesystem-l1-1-0.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-core-localization-l1-2-0.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Retail-pl.xrm-ms.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jre-1.8\bin\glass.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-math-l1-1-0.dll.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak	11832fb4a37513aeb3cdbd5cbb722d56.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak	11832fb4a37513aeb3cdbd5cbb722d56.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe.exe	11832fb4a37513aeb3cdbd5cbb722d56.exe

C:\Users\Admin\AppData\Local\Temp\11832fb4a37513aeb3cdbd5cbb722d56.exe
"C:\Users\Admin\AppData\Local\Temp\11832fb4a37513aeb3cdbd5cbb722d56.exe"
1⤵
- Drops file in Program Files directory
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
ded574fd9ab4ef0dfbf290f8f5b8815f

SHA1
47169a337039fa2d689e4e125a7fae2cfff8386b

SHA256
dc0b63a622983e5d21e18651c4fdf44f3c2aac1dc4cd0d4034d3b6208223d0df

SHA512
e9221d40d8d6d45635cee86a247f50e702efc9844308b9ce5d3b29a4e56e1f1f3b90bfbb69aaee8661743934b815048b6b54f88affef6ccc12b3c1e2ba8dfd20

Download Submit
memory/2068-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2068-764-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads