c0090221c93d5af867d6ea1f7039089b6df3dadae9b7eedd271dbbd02f10e09a

Analysis

max time kernel
121s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a9ec2dbcdb5d76a728419dfa865fa3b.exe
Size

1.8MB
MD5

1a9ec2dbcdb5d76a728419dfa865fa3b
SHA1

71a59231f854967a303a3139626a3d97c40a7b0a
SHA256

c0090221c93d5af867d6ea1f7039089b6df3dadae9b7eedd271dbbd02f10e09a
SHA512

72a0708f40eae3ed6a8cbcaec1dcafe5c9dee214e19f9eab92103ec58a919276b96a8835d78c7c09230374eeb6e4503f0f48c71470e788e6f1d39f9ab22ad65f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHl:SCqm2Jpr0nNM7Dus7Nx2F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2576-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000d000000013a04-5.dat	upx
behavioral1/memory/2576-24-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	1a9ec2dbcdb5d76a728419dfa865fa3b.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.DLL	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Blue_Gradient.jpg	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOLoader.dll	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InputPersonalization.exe.mui.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\readme.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOInstallerUI.dll.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg.exe	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	1a9ec2dbcdb5d76a728419dfa865fa3b.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	1a9ec2dbcdb5d76a728419dfa865fa3b.exe

C:\Users\Admin\AppData\Local\Temp\1a9ec2dbcdb5d76a728419dfa865fa3b.exe
"C:\Users\Admin\AppData\Local\Temp\1a9ec2dbcdb5d76a728419dfa865fa3b.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2576

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
685KB

MD5
c8aa2b6b350dbf5726cb8be657a9b79c

SHA1
f7a03deec1ef824e969962e0ae712cf126eb3bb9

SHA256
1dc26a4adb6df88e4ea3f27568afb03d25b76bdda451f0f3f6b052af4cfa5e00

SHA512
a7b19a6b8dc4a146b0710fcfbc4eac95ea3ad8b03e032bcf6a1202abfed1655c499bb55bb350c6fb90df21aa3a13f066de54cfe240ca15750ed77cef15b00771

Download Submit
memory/2576-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2576-24-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads