6c7df336aa03fc91ec3e835f0dad6377bb821742797469cd63bfcc1a50c19bcb

Analysis

max time kernel
132s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

29ae155d51413b35bd0828f109b147a2.exe
Size

1.8MB
MD5

29ae155d51413b35bd0828f109b147a2
SHA1

088fc91061f1474a62b118f8a798175d147d7358
SHA256

6c7df336aa03fc91ec3e835f0dad6377bb821742797469cd63bfcc1a50c19bcb
SHA512

ae6731e6295fd38bf8f1911e89c20be9b128466147f4ca9ab2f64b9aeefd0b0710f9a1d51ff50e25dd317c161972d5e53770ff099fe1eb8da7fecc7eb7efb09f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq0:SCqm2Jpr0nNM7Dus7NxJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1728-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0029000000014b90-5.dat	upx
behavioral1/memory/1728-577-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	29ae155d51413b35bd0828f109b147a2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\com-sun-tools-visualvm-charts.xml	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kuching	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\HST10.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Framework.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Windows Mail\es-ES\WinMail.exe.mui	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\ResolveUse.vdx.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\ja-jp.xml.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Petersburg	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\MANIFEST.MF	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jre7\bin\zip.dll	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\ktab.exe.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Vostok.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwasapi_plugin.dll	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chatham	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-lib-uihandler.xml.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.jsp.jasper_1.0.400.v20130327-1442.jar.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Ojinaga.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-14	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstat.exe.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Microsoft Office\Office14\VISSHE.DLL.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Windows Journal\ja-JP\JNTFiltr.dll.mui	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_gather_plugin.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javaws.exe.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-jvm.jar.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\Mso Example Intl Setup File B.txt	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtimecode_plugin.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\msgfilt.dll	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Windows Journal\en-US\PDIALOG.exe.mui	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.jpg	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Data.DataSetExtensions.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\vlm.html.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\icons\alert_obj.png.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Mahe.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Mozilla Firefox\update-settings.ini.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\misc\libexport_plugin.dll	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Maceio.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\ext\sunmscapi.jar.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\System.ServiceModel.Resources.dll	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\WindowsBase.resources.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Australia\Perth	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Fakaofo.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libnfs_plugin.dll.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_zh_CN.properties.exe	29ae155d51413b35bd0828f109b147a2.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe	29ae155d51413b35bd0828f109b147a2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libmotiondetect_plugin.dll.exe	29ae155d51413b35bd0828f109b147a2.exe

C:\Users\Admin\AppData\Local\Temp\29ae155d51413b35bd0828f109b147a2.exe
"C:\Users\Admin\AppData\Local\Temp\29ae155d51413b35bd0828f109b147a2.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
4530923a17e2b0b8cfe374145c5110eb

SHA1
f57d6a342165ca38194bd4edb0bcefb4bff985f4

SHA256
d470c1ac509d4ea31b8a0b6f93a1f3d88a013638dba8263494db6cf357f648cb

SHA512
d42b805458696d94009d0a8c36346ba29f5194dcd94a6f9e130ee33e1b2ac882b12bfbed8adb72de1ae56104691da7f0b862030ddf23a68749209c8bf8a629c9

Download Submit
memory/1728-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1728-577-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads