Overview

overview

7

Static

static

7

395bb6aed8...8f.exe

windows7-x64

7

395bb6aed8...8f.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    21s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 19:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    395bb6aed801f11ae9a1b8e42530f88f.exe

  • Size

    1.8MB

  • MD5

    395bb6aed801f11ae9a1b8e42530f88f

  • SHA1

    6ea4f6d53beabb4f03676505a819ce45388c9945

  • SHA256

    062ff24505e0275f725e911e9a4bdbb1b3c765139f6985f27aa0142f55bb6fbc

  • SHA512

    9fd344a66b49e8cbae66f2fadde7e45bbba36b2f7f0f579edf49e95a4087db257b327f43c7b9b81d18d315e9ec9ca2e1938c6d961c64a356cc5769b05a72b2e5

  • SSDEEP

    24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHB:SCqm2Jpr0nNM7Dus7Nx2h

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 33 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\395bb6aed801f11ae9a1b8e42530f88f.exe
    "C:\Users\Admin\AppData\Local\Temp\395bb6aed801f11ae9a1b8e42530f88f.exe"
    1⤵
    • Drops file in Program Files directory
    PID:512

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7-zip32.dll
    Filesize

    234KB

    MD5

    53f65f6c2326e7b89963b739123100f2

    SHA1

    9cd40dff368721db9c333b3a21e502bfcce701a8

    SHA256

    0c225543661526063f11ae4b739b5ede414adbe67a85b75e09a73bf01f996891

    SHA512

    8945caff18981ed66e4d7a8e5ef67348cf3020af15ad0222388318b3be85496bb5af60440415589b87daac8f3899c5fa04aca3110224662a3add13d53ed82f28

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    13KB

    MD5

    902e8342d7477dd819be409619d89984

    SHA1

    a4c0d149cc81d03b35df581aefbbb13e3093f3dd

    SHA256

    baa621bf16098cf8f7d9b562cf5566616c0caeab653a47d31c912e5f1b19465d

    SHA512

    e7db091b9a095c1e5cb5cc9273482e4eb550c5227ae321cc1cbc0960b0630edc84b32ba914e972bc152dffe802841eb05226b39a78061e520cbd2a92ee9ccd0e

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    16KB

    MD5

    99f6f84c72853282bf9791191149e176

    SHA1

    c1a627ac9781b9ea36e09282dcee3c6e34b6930b

    SHA256

    32c776aa55b10a97ecb7c56a89c2051eeddf676524ca6aea8def8c96f9f9eac5

    SHA512

    bdc0bb9757210bca579e7fc9af2b5e62528768a348596b80023e8439ff7e3a67eb9c63dac0e6918b3293cb380f8b1ad9ecefd2571456a804121c4e93f48cb80b

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    5KB

    MD5

    a348ddf0b31a86eeb8ff7ee82b667155

    SHA1

    560f01760aa6082c01c117b9b0ecb78b5496d66f

    SHA256

    4b96a4de171ab707be2551cb5953ce28ab0642c30a6c108077169d57aa6dcd96

    SHA512

    85187965f742f854ef4254066f0857759cc60c50167725b0d63b167ff244d6113aca3a5bb270a5a2856256c8825dca41a32fd2126d28fc2a34b1472c72b7adef

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    41KB

    MD5

    04577c4e477377814e7006d789769518

    SHA1

    3d0883a0dfb7eff3e68f624eea3868ae1dcff820

    SHA256

    c7e4c6a1fe9b234e74165df09816af05ece1b9e55d072b2232799c6fdcdffea3

    SHA512

    e649fd9e8bf5a9cc4f90977fb2ec3ef64fa5d845766889f623420c597e38654da6d982ef3e410e43cc50029b6b4b414147cfa9d14f85f6c844388816ab0c01ec

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    18KB

    MD5

    1da52a360852dcd558b25e214db4995d

    SHA1

    4912915ea5d8588cd21e4aaddb7efe1c9fe35044

    SHA256

    b5710df7f681bf891bccd1b03e1968a2d07992884ec7dddfcc3f3660ef14dee4

    SHA512

    9b6103ff5bd7750c1f597310382ed639f27b4a9e7dbb18b500a664f9627faf8f70cd5ccfd5aa33154ba07bb36a5be51fc9479f06a0fbc9206d445d9e0e9d6865

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL
    Filesize

    21KB

    MD5

    25ea95d4a6039d17ffb7d52bd03a482a

    SHA1

    bcf3e1d3bcaa72d2bd4fb98917fea44b8855a7bb

    SHA256

    14d0af184ec6708a301afbeeeb4e42fc3517295c3acbb27ea34ff75784752217

    SHA512

    ff5eb2be494db6badff456e1e035c1d6b6ec8281e8ccfdddbe62c3addec36495221a17a8f30f3f752fd2b0caf1b1e48a186bba3cbb54743333619f9ecea27148

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    56KB

    MD5

    a036d3c16f29377a276e21e0081215dd

    SHA1

    595611463523fbd3315b237165903ac33ee16d39

    SHA256

    10345e0d47a4c2142960fe4ec4e7cae089e3668201c5c9cb22a700605ad63d6a

    SHA512

    31310e8c4f819398fe24e5df7ac5014829b18e8e747d3689964e47dadd59869f7f9fb2424d86edc9781e2ccc3236444874c6df0e7e5862f2154c9ca38740c93b

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    78KB

    MD5

    256fffe31c2980df0aa98859ca244db9

    SHA1

    53789c712bdc14a93e690e2182e188cc8775f927

    SHA256

    6eecc115ac86710616e4da2d13eb912f99d31fd9efc491197c1f580fc2ced1c2

    SHA512

    07259c48c52b7d6ebaaa8b9a01eac02169b93fa0b204a1c57682ec783fc494b335b807dea0b4627a8a1fd136e7076f833e9b27ffa833dbd22d71433eea759160

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    59KB

    MD5

    f3db4b4247c5475696e9ec4b12338231

    SHA1

    28b7c4665d1264c420ec4297e7f798b3bcf699cb

    SHA256

    7fe7b7d2eeea319cee3403670c9c10a81ab49512b484538b45bba3cbcc384b9c

    SHA512

    538e1bb3522636fc847bd27453f25eac36bd6f13861c9dd57e71f6b59def9187c602397b1a1ed2666abf4911d4c301d1cf12e16ff757e05bdad3e8a5dade5018

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    92KB

    MD5

    94d0a59e3e1f8034cf928876b525b2e7

    SHA1

    30600a6adaa67b9869a92bdcd1fa14b38632e150

    SHA256

    ed4e1966cd563d7725bc4d87fc6c03e4f2c170a015dc364b4ab9dbe923de852c

    SHA512

    42d76e865408a314eac1a5158ec5b09058b07b0672ae4850e495ab029b40115e52037bd0248ddf546139aee00a78b442dbee2b5e56bf5653c42d45a5d64271bf

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    119KB

    MD5

    8952e454d16074bca9708b66f81f2826

    SHA1

    cbb31308f4e2b0fcf9a14e0656188fcb3825a48f

    SHA256

    997e1ac412b38ceea5534339d644b232d872541774623c08ff1b5757ecea6766

    SHA512

    4457ff60478bd6e6e1ce99ef34bad0001c435cb7120e163db7bde8b456caa9620b30817e9d81318674ed3627e58e4c2bf19061189a162196390b3a82012d53e1

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    44KB

    MD5

    9ecb51a455839fea1f36d8eadcc56f91

    SHA1

    93adc115b2fefb38ea8f3597dca7de5d7cf617c8

    SHA256

    59fb069a401b8eca64eff739d79479c3643df9be08f316bf024cc78723b62d03

    SHA512

    745cbfcbfcd1b7f067b85fa511167fcd9216b09421880f6345c965d0e7b3b745ee30b8f8d62bd0cef363300ed14532ea11d897bb2faaa7861891f1bbbabd0bbb

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    99KB

    MD5

    a6bc73133f09d9e79b3b68c49d275ec9

    SHA1

    e4e22753ba5a1ee49d180563322d8e5a31312525

    SHA256

    1fa7aa8cb9473dbe848b2fdfecd77bb0bcae12f437a661b824b2625c8af30a39

    SHA512

    d12d8b3aa8967900bbc029d32e22def51e876c94ccc4366866501a3067ebe49180d761b7ad274cd5641708cffb7ecd7d4a5b7c93f647db0187fb1a83e664449b

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    48KB

    MD5

    a8c22559e099b4b8f82b30a197dcb0bc

    SHA1

    e3a9af54d9586681e954b75f6fa7890aea59f673

    SHA256

    4cbd8d5e04a0200c70d1588ee3d6222a05bfec14dc752a14a348c1f65f422eaf

    SHA512

    4c8dff92b1ef75bfb6883ff9d4015fe7a70276748e1735a0c8d3fd05e1aef7ed7a97aa1051189db66056751553eccfba062f48e73c2547b10a11a6b941a8dbe5

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    71KB

    MD5

    2b7a0c10cb5118aed5e7c30d067afefa

    SHA1

    f883b1b31c557dd62d12c7f78f6f4b7edf018881

    SHA256

    cb747abedbcc79b7acef4636346d7dcfc57081fbabfad1aa938e61eeb4084e58

    SHA512

    469a537921b51f7c857cd10e0ae7d906f05ae5354a800038ed7f21ea45808a261e9d5af6e6fcdfb3ed7b8009c967dfdbc831c9509171aa739117c3b7e0d5e808

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    32KB

    MD5

    f901524b4e5bb1027b57867379465bc2

    SHA1

    2069fb5a19fe4a1cf45f2b963dde1d42879bef03

    SHA256

    781d00201c4a41ced1bb8b875dde2798022e02429a6ace07c19394b97d59af53

    SHA512

    1d5efbe562df99aab3ea8ccfb3f03a6e3be4c7ace1c9af992a2ce5593a250fb0b02361e1206574c5dde9a45b3cec1194eea16896e78400ac0234a0a700b3f280

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    58KB

    MD5

    fedd76dc43bd22c626b5bede7e7210f9

    SHA1

    00df41278f97d7733cad26428e5039d3863eddee

    SHA256

    5fa2ff2402ccd9296a6abcce64140077310dd39f3e9ba8198a81a818809ec30b

    SHA512

    8b3fa586e3993b16288b2a29854f3c8d30f47d03daa262238624fb5c6d61d17fd903e639cd59853904a25309363cc0d026002a1651754f42925eff845f909462

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    39KB

    MD5

    310a03cf9b67800cb86463527745caaf

    SHA1

    48d6b21d0855086a038f25bdde97be0ad0230da3

    SHA256

    7e5f0e448cf72a97ed72a6bb77fdc8e10aee57c728bb4c0c1a2e498df149880d

    SHA512

    62302fa44d6d9aaf4be446b542446a3c68bc475c3a1f1a417328c7f45c3d3b4dc074e9ed0ea67a67c849c7b7c9f60fb9dd903c609d1b2f6b2458255e0aaf2c77

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    85KB

    MD5

    684cb97ee62f8ea6b654a2166b6a4f50

    SHA1

    f13797b04ff5a31ed255c6ca9cc820fa3a59bc9e

    SHA256

    bdb0caeef984275caa6707009c912d96a2200bfb3a73e7f4e768ee205fa540c6

    SHA512

    78e6aabf6c85ba454e2a0667e4ecfcf194a08f9e7aba262f038d08b04e1c3e54a9db760d86b3c899325b49e722f51fd4b78736e33465fd0e6b853ca128028ef1

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    57KB

    MD5

    da29e172e72f59825ec1c74d1cdb5a58

    SHA1

    a63c0d37e6b400a67d55c22b9e3d3b5e42e3a243

    SHA256

    406824f46638378cc15f748ffe0668c3fbcd0f85bf8f54e9b39d78dd416f3608

    SHA512

    76bf9f1ef388cf00ce0d1e90b0f88b7f33fb64d4c3f7fb1086fe76443368fdaff71268f60403054170e01e44a93a38d2f32f24abaccf104d52890170fdbdba50

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    86KB

    MD5

    5ea0673a3b3c6bb97e6a216b74a02d6e

    SHA1

    fca3bd1741a41a63bcd1ecb796e7bcffa878f603

    SHA256

    29765cf7ef0a8b94e4316616bde6e27fdb768448ba8649a112e8e3caf4fdd219

    SHA512

    6d2d260f9df00fd627c0f524e7b6867bafdac3367de46d2ec983a7c752abf1083d9a5f41d2c90686ef88d08f254a3e6ba671cb74756f9dd5b58128dc16e608c5

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    37KB

    MD5

    e42b0c72f12843cd1e93547940431711

    SHA1

    95ca3dd515e9f920cc88ccc7b1edba8e1c09be53

    SHA256

    186af949f90a32b034b410592de8c0a1137e9c1b7df30d15092ce457f991260f

    SHA512

    941806fcca2c5ccb67ad6a5b3e96a6b52faa57aa563de6463bd3f79560ba566d2d28bbd23eb7ce503d2cd1d61ce4a8b03336a4e34ea152550d9055e1f32d95bc

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    88KB

    MD5

    8d363c3e9c0cfaba97b535bff4b4981a

    SHA1

    7ca37d791b5b2c01ab9840c7f8a18ead0d659536

    SHA256

    c99c15e66662ed29a096613d35b5c2008634d0931c91c9f86413b72a220876bf

    SHA512

    07a03e86daf154439573d8c5422674f5f624f717543c1bbbf27fd508f7dfdbd323a1b6440fbce5a76a85dfcb75038f51ec1e606172574d85105ab39fc099804a

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    63KB

    MD5

    8cbdd62d8fc4ea03a1ee5df7726e162a

    SHA1

    97fdb55f9253d0a4b28c53a3f102bfbb5d5be2b6

    SHA256

    1c638f8156d22d3b03e311a9c7ddff31aa50543b8968a1c7642574f7469c87b1

    SHA512

    3646dd5e234e0780eccf7aaf6a4fa26e137306b8b08420ad728f14960584bbd5f752b093215b8768f9cc58f64957ed7f80ac99421e5598a0e6cc14142d7c3848

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    4KB

    MD5

    2ebd27a29f5c1eae6918a62de28bd6f7

    SHA1

    3cf1554631f19efbfae71487c7a9fa712f8db641

    SHA256

    a47c0ca85c5e4ca22b74597a65395c6ffb613809eb25edd3a96380283e14d46b

    SHA512

    0e34ad5285f1ae4bef39fbdad3da9bb59731a6aa621bdd4250a238b83ebc9a5a7dcf492752eb764f6da009f7c8d90987017763e7bbe0d77813c4677b5293b773

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    5KB

    MD5

    e4819c7205686f49abd9383bf2558b6a

    SHA1

    ba6bff59aa62c25d99939e3670e00f47d4b2d36f

    SHA256

    5a7a68b8764961c82d48b8e6a990d6b05283df6f6cb8e6026acaddc93d682945

    SHA512

    25f31ec47fbab89103974f09c104312f67b8da063616f0273dd3661163a41157f8bc98d15899e2bd097a6eb3176cc4148aca5b845490a569eb123505e3f90e26

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    7KB

    MD5

    37d69fa08fd81af8679413b0018c25c2

    SHA1

    7eb2b77fa7ee3d67ebec3f0439a1ac635de879aa

    SHA256

    55f1417b3eab6df1b543e9512d73ac842b9dc379b9391462896ee7ce6e12029e

    SHA512

    0c1ec593a2de573cd9c38884588eef9ba40d60366b52a85bab68a98f3a83fb3e4cdad426fcc5c691e65399756b8e921fdad3c4c48612c2d92e09a8645d3e9ba2

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    1KB

    MD5

    b2137d95f05ce3a88174d28d7502383f

    SHA1

    4d8bf0ba77a6828d0a951949cc7aa2540d616900

    SHA256

    69125a5ff0fd84f7cf40ff20f1be93b08032de5df50a7334e39a60c481cb6948

    SHA512

    4d1562f7f65d4fd6e28bb2747fc1bac7f0d7b1055f495ee4010ec23ab422d6acdac3fc2f3220d4e0742a90950959a12c0e3f026c2b937ddf089f372b6152cd81

    Download Submit

  • C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll
    Filesize

    1022B

    MD5

    87809293178b3dd62343eadc2bc6b684

    SHA1

    f5877fe7696f722b86a832b14e9753e739869553

    SHA256

    9511658d258050716eb2a3a0e95f48ff940cd66ac5d534018828d87a8587efe8

    SHA512

    89742ced63c97089681c225c2abf2a923ad48885d6160bb77e6d2c0510199b8f90b7f56f0a1ba27b316a7249072f4b840b7239d9b45e058115e60feae290e15d

    Download Submit

  • memory/512-6136-0x0000000000400000-0x00000000005BA000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/512-0-0x0000000000400000-0x00000000005BA000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/512-11173-0x0000000000400000-0x00000000005BA000-memory.dmp

    Filesize

    1.7MB

    Download