28a2139d1107148d7e258e885e9b4742c0e058919c3d8961aa3f3a685182aba9

Analysis

max time kernel
6s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

147b042f92ca36b956b8615ba32ee825.exe
Size

937KB
MD5

147b042f92ca36b956b8615ba32ee825
SHA1

140217dd40cc390ff5457331073f86c906f033f8
SHA256

28a2139d1107148d7e258e885e9b4742c0e058919c3d8961aa3f3a685182aba9
SHA512

e51b9ebd0c6b4f866501c43f83b363be01e512f3bd6ee41f441db64db79f8c8c302145edf720073174bf2125fb1ad6821980aa0d421f7434d80aeb07c3f345af
SSDEEP

24576:lpi6eMDSwaeH8wpZ1FGgmfOCa+uRgiNOC:lpowaeH8+Z1pmfOj9N

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000c0000000133ba-6.dat	upx
behavioral1/memory/2852-0-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2852-3669-0x0000000000400000-0x000000000040F000-memory.dmp	upx
behavioral1/memory/2852-3673-0x0000000000400000-0x000000000040F000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SCANPST.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Windows Mail\wabmig.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jre7\bin\ktab.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Windows Sidebar\sidebar.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPREARM.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jre7\bin\rmiregistry.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	147b042f92ca36b956b8615ba32ee825.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ashgabat	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Mozilla Firefox\pingsender.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Windows Media Player\wmpshare.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\FLTLDR.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSTORDB.EXE	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLED.EXE	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\MSACCESS.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\PPTICO.EXE	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Windows Mail\wab.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Windows Mail\wabmig.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Windows Media Player\wmpenc.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Internet Explorer\ExtExport.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.bat	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javah.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\klist.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jdb.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\SmartTagInstall.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\106.0.5249.119\chrome_installer.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\GRAPH.EXE	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Windows Mail\wabmig.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\policytool.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Internet Explorer\iexplore.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\ktab.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jre7\bin\jabswitch.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\klist.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Windows Media Player\wmprph.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\A3DUtility.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\keytool.exe-	147b042f92ca36b956b8615ba32ee825.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\explorer.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehmsas.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\mcupdate.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\Mcx2Prov.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\bfsvc.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\mcspad.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\Mcx2Prov.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\RegisterMCEApp.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehrec.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\McrMgr.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\wow\ehexthost32.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\mcspad.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\wow\ehexthost32.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Boot\DVD\PCAT\etfsboot.com-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehmsas.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\MediaCenterWebLauncher.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\hh.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehrecvr.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMConfigInstaller.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\MediaCenterWebLauncher.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\HelpPane.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\mcupdate.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\fveupdate.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\NETFXSBS10.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehrec.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehvid.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\loadmxf.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehexthost.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\HelpPane.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ComSvcConfig.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\WsatConfig.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\ehvid.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\fveupdate.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\CreateDisc\SBEServer.exe	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe-	147b042f92ca36b956b8615ba32ee825.exe
File created	C:\Windows\ehome\RegisterMCEApp.exe-	147b042f92ca36b956b8615ba32ee825.exe

C:\Users\Admin\AppData\Local\Temp\147b042f92ca36b956b8615ba32ee825.exe
"C:\Users\Admin\AppData\Local\Temp\147b042f92ca36b956b8615ba32ee825.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7zFM.exe-

Filesize
93KB

MD5
f57ef3e7647387dfbaaadc6c8d593dab

SHA1
dac8eee9f3b674fa5529637bc034de481da542d0

SHA256
c39a2c61937a3d6313ab423a98e8b58172b719768affa348bfbdd6dc0e7f8d42

SHA512
25ba79fee472d0b860cecc8e7f5b275e06e5e3de1db2b0eb15676a3fe8eb36999ce67c3aef93e3935c2affc928e78a471367257bf7a521098b154649e746b972

Download Submit
memory/2852-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2852-3669-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/2852-3673-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads