d5d6571fcf8192f1effb55c8a4a78b5e62fe17a5954b9138d3f5b284d882dac7

Analysis

max time kernel
5s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

101085a2bcc67f83f632194971550190.exe
Size

1.8MB
MD5

101085a2bcc67f83f632194971550190
SHA1

cc95db1d1b67b734606be0498351384b2e7c2bba
SHA256

d5d6571fcf8192f1effb55c8a4a78b5e62fe17a5954b9138d3f5b284d882dac7
SHA512

805a6af167f69dd7f8b1eddd5891a615bcd98426889a4437bcf4d3875a3ec007817b12064a68975f6b70e56285c12b0bc34e0b9a11076d1c3498569c557c8e0b
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqh:SCqm2Jpr0nNM7Dus7Nxc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3304-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/3304-5600-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3304-13421-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\7z.exe.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\ShapeCollector.exe.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\ado\msader15.dll.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\ado\ja-JP\msader15.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcor.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\wab32res.dll	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tabskb.dll.mui	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\wab32.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll	101085a2bcc67f83f632194971550190.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.exe	101085a2bcc67f83f632194971550190.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	101085a2bcc67f83f632194971550190.exe

C:\Users\Admin\AppData\Local\Temp\101085a2bcc67f83f632194971550190.exe
"C:\Users\Admin\AppData\Local\Temp\101085a2bcc67f83f632194971550190.exe"
1⤵
- Drops file in Program Files directory
PID:3304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
33KB

MD5
cb731ec5600be3c47a716c7384643fb1

SHA1
a847471d3f52c4471fec99e0b45207f269bef767

SHA256
f634dea2c345a7eeff63d5a30ae3298d130763bf3e9a9ec2f156b9b78a83e972

SHA512
d8869a91d8172b3f5bd8ebeee80a4f4a68a2b84404a4262740d05fc788d4c03bccc6c9082183ce871a8fe37beded73c57b9bc4b063d1a8b10a997300adf88bcc

Download Submit
memory/3304-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3304-5600-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3304-13421-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads