68f5dc0789f5730c3d4e2a05219e7e7331db265374e6de8773734a03aa05b0d9

Analysis

max time kernel
146s
max time network
30s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e1b641e1ee52766551ac941e9c1ca71.exe
Size

1.8MB
MD5

1e1b641e1ee52766551ac941e9c1ca71
SHA1

b0926d5e5f1392785ecbb6fe07030b4abb8cb411
SHA256

68f5dc0789f5730c3d4e2a05219e7e7331db265374e6de8773734a03aa05b0d9
SHA512

54b3cfb383a991e0123129c6c1307da038ee812ed05a0d990cf445005eb2eb618d883c93589b07d6fd0f26c05ba1a8a81738173274fa879c91e605fda1f051b4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqLx:SCqm2Jpr0nNM7Dus7Nxc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1896-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002c0000000155f7-5.dat	upx
behavioral1/memory/1896-622-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	1e1b641e1ee52766551ac941e9c1ca71.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Port_of_Spain.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\System\wab32res.dll.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mshwLatin.dll.mui.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Bishkek	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabIpsps.dll.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+10	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\decora-sse.dll.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Samara.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresmlm.dat	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\charsets.jar	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Rome.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeulm.dat	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-PT\tipresx.dll.mui.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dcpr.dll.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\rmiregistry.exe.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\System\wab32.dll	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\he.pak.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Monterrey	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Ndjamena	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Luis.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\El_Salvador.exe	1e1b641e1ee52766551ac941e9c1ca71.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	1e1b641e1ee52766551ac941e9c1ca71.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JAWTAccessBridge-64.dll	1e1b641e1ee52766551ac941e9c1ca71.exe

C:\Users\Admin\AppData\Local\Temp\1e1b641e1ee52766551ac941e9c1ca71.exe
"C:\Users\Admin\AppData\Local\Temp\1e1b641e1ee52766551ac941e9c1ca71.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
786a2a6bcb1799040acbaf8775d48839

SHA1
27ff164bcc3a18a9f3d069f2132b53b3571d3e3d

SHA256
24430893bf45f336772aaec1902e894b4ec9e1ad18249e498dc0e3c1eca49967

SHA512
aa215ebe432afe237472ca4e30ed81ad6489f235d975ecdd059439c3c7fb60010bee14cf01f48083018350ba45eb7ba7fbcdfb4edee3b12a33a25016a27e559a

Download Submit
memory/1896-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1896-622-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads