1025a49cc417a4da087d84ba25bc27ae682177e2f46a9f755e847517a08401ca

Analysis

max time kernel
162s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a6d5261e5e909f62132215061f8d670.exe
Size

1.8MB
MD5

4a6d5261e5e909f62132215061f8d670
SHA1

035780deb2fabc1c5cc1a68cd06928413d24ca88
SHA256

1025a49cc417a4da087d84ba25bc27ae682177e2f46a9f755e847517a08401ca
SHA512

de171aff09ec2c134863ac53056b8a9bf29ee218585bffbae3422d7e28d161cb0fabe131a9033fd28040cadd27b45f2aaac827ae31b9a5300a6c4d52bf501244
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqVs:SCqm2Jpr0nNM7Dus7Nxz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5112-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/5112-142-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\nl-NL\tipresx.dll.mui	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwLatin.dll	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshe.xml.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsnor.xml.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\CompressSearch.i64.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ru-RU\tipresx.dll.mui	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\micaut.dll	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tabskb.dll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\descript.ion.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\DenyUnblock.wmx	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.exe	4a6d5261e5e909f62132215061f8d670.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	4a6d5261e5e909f62132215061f8d670.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	4a6d5261e5e909f62132215061f8d670.exe

C:\Users\Admin\AppData\Local\Temp\4a6d5261e5e909f62132215061f8d670.exe
"C:\Users\Admin\AppData\Local\Temp\4a6d5261e5e909f62132215061f8d670.exe"
1⤵
- Drops file in Program Files directory
PID:5112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
3a06df5102bff96fcaf0716a31c3f6c5

SHA1
4caf41976a98ed566ca7f9b7a6e5f728ebe66737

SHA256
a5066563bcc4a3d19cf326ff581d3d9ebe25cf4938bece5a3d8f51717e0c6820

SHA512
939efda0aa3c7fb16e87bea4485f54a99d86ad4d580ff33d202779f0ce81742036b74128e83a0c0c4665582e6e700bd0a878acc2752e24741bc0ba5141cebe43

Download Submit
memory/5112-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5112-142-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads