0fc7e6ca1899e9f6bdaf61a8aacbde9d82b376ab53bd53862d046a006710ea19

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1459963159a1f6e2f266da26527c8602.exe
Size

1.8MB
MD5

1459963159a1f6e2f266da26527c8602
SHA1

cb79259656b97cd56df7560355353c79a9a12ff3
SHA256

0fc7e6ca1899e9f6bdaf61a8aacbde9d82b376ab53bd53862d046a006710ea19
SHA512

e5e8d9055f369fb657cbdef151ddad40ce2b98b5ca4e343b52b4f128d5c5f4f632b74c926817b1e6c9a9b6bced7f5fdf3ec4e3739648fadbf3c2478b310d353b
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHM:SCqm2Jpr0nNM7Dus7Nx2s

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4092-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00070000000231ea-6.dat	upx
behavioral2/memory/4092-503-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2native.dll	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\rt.jar	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\xalan.md.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glib-lite.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\bin\ucrtbase.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\jcup.md.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\legal\jdk\freebxml.md.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\mesa3d.md	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java_crw_demo.dll	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11wrapper.md	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\mesa3d.md	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\decora_sse.dll	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsel.xml	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\pkcs11cryptotoken.md	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-convert-l1-1-0.dll.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.VisualElementsManifest.xml	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\resources.jar	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\tzmappings.exe	1459963159a1f6e2f266da26527c8602.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\management-agent.jar.exe	1459963159a1f6e2f266da26527c8602.exe
File created	C:\Program Files\Java\jre-1.8\bin\fxplugins.dll.exe	1459963159a1f6e2f266da26527c8602.exe

C:\Users\Admin\AppData\Local\Temp\1459963159a1f6e2f266da26527c8602.exe
"C:\Users\Admin\AppData\Local\Temp\1459963159a1f6e2f266da26527c8602.exe"
1⤵
- Drops file in Program Files directory
PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
8e3da140c5f87b846da2f30fe7b86460

SHA1
4232caeccd650fd7bec1429e25156ed3cb08c695

SHA256
98ff3e9933f5d8f219a576cc4e53c0775efaab4c2e7ee3eac6d5c017e1909fea

SHA512
d20b47f9c9f9a00c4c37e572a0976076ac994859e31bed211e1b2b3521dc0c22e19fbf8a7f35296636e8eee9937a00eb443db1ba4f500862de39defe1b7880c8

Download Submit
memory/4092-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4092-503-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads