a69b4cb7f02afacbc587dfaee6e757e48ff12129be1cb75d5c4feb8578aa9e3c

Analysis

max time kernel
178s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 18:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3491608e0e42316c50197f1334520747.exe
Size

1.8MB
MD5

3491608e0e42316c50197f1334520747
SHA1

4734e0b6da79f83075f3c5b33b092d030ac1fe61
SHA256

a69b4cb7f02afacbc587dfaee6e757e48ff12129be1cb75d5c4feb8578aa9e3c
SHA512

b55d8da814b2e7e8b7f34a28807c71a7fc2882ec6ae119ba100cb6793b9ccf002d3ca297d7be8f9ab17f700bb2286f1da57192a3f0e2158a95cfe01ee0981c11
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHW:SCqm2Jpr0nNM7Dus7Nx22

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5040-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022791-5.dat	upx
behavioral2/memory/5040-299-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\am.pak.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-errorhandling-l1-1-0.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\hy.txt.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java.exe.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmic.exe.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-1-0.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\FormatUnblock.mpeg	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jhat.exe.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\System\ado\msado25.tlb	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-runtime-l1-1-0.dll	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\nl.pak	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sv-SE\tipresx.dll.mui	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-synch-l1-2-0.dll	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\vcruntime140.dll	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\symbase.xml.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\dtplugin\npdeployJava1.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml.exe	3491608e0e42316c50197f1334520747.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	3491608e0e42316c50197f1334520747.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui	3491608e0e42316c50197f1334520747.exe

C:\Users\Admin\AppData\Local\Temp\3491608e0e42316c50197f1334520747.exe
"C:\Users\Admin\AppData\Local\Temp\3491608e0e42316c50197f1334520747.exe"
1⤵
- Drops file in Program Files directory
PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.1MB

MD5
c785ac69d7be5d0fc08a77e3bf2891bc

SHA1
71f192100f6431dee6fd478b4adcfd5d20675b5e

SHA256
b8557572214d7d1eb4be33f11e92b053c0177e5137d746088bd359d9afd03d47

SHA512
59d7c3872b0697aa460e543445a440813f030985c94d8f2b145436cedfecc4c507be9484b6fee026bdf395f152b6580f71812333e58cc2fd82832de8627bbda5

Download Submit
memory/5040-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5040-299-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads