1eee88b544f27914b057db81ec48b63e0e739fcc983b01d5e22f4f18e9bf5bad

Analysis

max time kernel
149s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32c030be95bae70b2a9b3041d1144658.exe
Size

1.8MB
MD5

32c030be95bae70b2a9b3041d1144658
SHA1

0e44cfa5b88338eb75702e248503ace79851bc2a
SHA256

1eee88b544f27914b057db81ec48b63e0e739fcc983b01d5e22f4f18e9bf5bad
SHA512

cad93c85d16b75b5c682ba293a6ba7cc8dffd046317191a814990fd38392a48e428da4813415fb92944ab6a14c3d28da98f30ae5f243efa43f2073025c33b5db
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHK:SCqm2Jpr0nNM7Dus7Nx2q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5048-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/5048-388-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-debug-l1-1-0.dll	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-interlocked-l1-1-0.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-string-l1-1-0.dll	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\libEGL.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME-JAVAFX.txt.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\tabskb.dll.mui.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\ConnectImport.hta	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad\auxbase.xml	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-0.dll	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-PT.pak.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.exe	32c030be95bae70b2a9b3041d1144658.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.exe	32c030be95bae70b2a9b3041d1144658.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui.exe	32c030be95bae70b2a9b3041d1144658.exe

C:\Users\Admin\AppData\Local\Temp\32c030be95bae70b2a9b3041d1144658.exe
"C:\Users\Admin\AppData\Local\Temp\32c030be95bae70b2a9b3041d1144658.exe"
1⤵
- Drops file in Program Files directory
PID:5048

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
c6102c72faf0fdadb5ec976735b1fdb9

SHA1
68a78e200694ae2468556be55eceab0ab26af8c4

SHA256
be021a592404f701f1a959e6b3cea5483d71cbb83ec85bc46675045ca0b7a68a

SHA512
cc5dc1c52241eeb5b0c3a4818c57522e0d566eaa57eb43601d281c950d155ba0182ed68e89ceb89f95b9b374baa4fa036ca0ebdf8a46394bd531bdfa4b0d8815

Download Submit
memory/5048-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5048-388-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads