ea443598d3c1a014727cf218687687741dbd2414894344539b2a2fba29663b6e

Analysis

max time kernel
143s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 13:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

209cd212e5508af17f65bb2da56eb11c.exe
Size

1.8MB
MD5

209cd212e5508af17f65bb2da56eb11c
SHA1

90936659f25f350a80ad806ce39db8ac5b7aa8cf
SHA256

ea443598d3c1a014727cf218687687741dbd2414894344539b2a2fba29663b6e
SHA512

54d0c68223805fdc0b10540b44776657ffc1a85eed8feb91068817d3fb8f0e0e35a4d3f3832aa4ad0ad5fa8986590de5f3d6fb4b94ff7c2f90ad1203ec95d6aa
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqM:SCqm2Jpr0nNM7Dus7NxB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00350000000155df-5.dat	upx
behavioral1/memory/2752-584-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	209cd212e5508af17f65bb2da56eb11c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\TipRes.dll.mui.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6CDT.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\eclipse.inf.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives.nl_ja_4.4.0.v20140623020002.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\EnableHide.jfif.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libspeex_resampler_plugin.dll.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\es-ES\MSTTSLoc.dll.mui	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net.nl_zh_4.4.0.v20140623020002.jar	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Mozilla Firefox\updater.ini.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_ko_KR.jar	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-1.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\es-ES\WMM2CLIP.dll.mui	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jre7\bin\mlib_image.dll.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\zh-dayi.xml	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_winxp_blu.css.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository_1.1.300.v20131211-1531.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-sampler_zh_CN.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-selector-api.xml.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jre7\bin\dt_socket.dll	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_shmem.dll.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-actions_zh_CN.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-host-remote_ja.jar	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Chisinau.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jetty.continuation_8.1.14.v20131031.jar	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lv-LV\tipresx.dll.mui.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Miquelon.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4_default_mru_on_win7.css.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\.lastModified.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\fr-FR\Chess.exe.mui	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\META-INF\MANIFEST.MF.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\prodbig.gif.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-editor-mimelookup_zh_CN.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_dummy_plugin.dll.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Detroit	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-spi-quicksearch_ja.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\org-netbeans-modules-profiler-selector-ui.jar	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-profiler_ja.jar.exe	209cd212e5508af17f65bb2da56eb11c.exe
File opened for modification	C:\Program Files\Java\jre7\bin\jsoundds.dll	209cd212e5508af17f65bb2da56eb11c.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	209cd212e5508af17f65bb2da56eb11c.exe

C:\Users\Admin\AppData\Local\Temp\209cd212e5508af17f65bb2da56eb11c.exe
"C:\Users\Admin\AppData\Local\Temp\209cd212e5508af17f65bb2da56eb11c.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
d99df4a66508fc3deb39430803de7c54

SHA1
d11f0466fac7343f1c3033231a75a90f869c00b3

SHA256
e9d0a33538aebeecb04cf2824ef7f9dae45a3f2c18e4f2075e959cf15d98a701

SHA512
675e94debacd05b1c7e267e3e3c62c4aa2f74333210ed4778794bbddd5e287c17761f94f19a390448d95b64b6749d639a3d894a4b46a5718a0adbdf8232be5ca

Download Submit
memory/2752-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2752-584-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads