7fa797e78b0cb7a637bdc2f2174169b77b96cb16458c89ea48bfc55a761f2d2d

Analysis

max time kernel
148s
max time network
155s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32c41f8584eaf7d49a44156fb0d3b5bf.exe
Size

1.8MB
MD5

32c41f8584eaf7d49a44156fb0d3b5bf
SHA1

b9096724a8dca7ff114b38df4b998e2b5ca0c559
SHA256

7fa797e78b0cb7a637bdc2f2174169b77b96cb16458c89ea48bfc55a761f2d2d
SHA512

8f5ace87e27a33ba6d5a09a619b886ea0a9691f26620d8e7e1d6ec45bd3f44c8c55cfdbe566f7e0caf8ee90db7a9894d8655186573c36a69b7efc2c8252d090e
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqN:SCqm2Jpr0nNM7Dus7Nxw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/560-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0009000000012258-5.dat	upx
behavioral1/memory/560-22-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	32c41f8584eaf7d49a44156fb0d3b5bf.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stars.jpg.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsPlugin.dll	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOMessageProvider.dll.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\ja-JP\msinfo32.exe.mui.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shorthand.emf	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\To_Do_List.emf	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\kab.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\descript.ion.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Month_Calendar.emf.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Sand_Paper.jpg	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tiki.gif.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Dotted_Lines.emf.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\es-ES\msinfo32.exe.mui.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\7z.exe.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\CsiSoap.dll.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	32c41f8584eaf7d49a44156fb0d3b5bf.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	32c41f8584eaf7d49a44156fb0d3b5bf.exe

C:\Users\Admin\AppData\Local\Temp\32c41f8584eaf7d49a44156fb0d3b5bf.exe
"C:\Users\Admin\AppData\Local\Temp\32c41f8584eaf7d49a44156fb0d3b5bf.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
f625c93375fa7da430604586a45de73a

SHA1
8a700945b04360e22a2af9abebdc4abcaefa91c7

SHA256
348bf20c15f365d2edc94ff2d9d606d4bb342f4f2585c9c4af623d8531496a8b

SHA512
6cf030a85efd4392eb3aff50328bd3a19911c0e5bce2c0db14fefc68dbf68d7c6949ccf745915ae53d527fc731258148db76670082b7810256fcf398bb68d9d8

Download Submit
memory/560-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/560-22-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads