304a2f2ae2d63e68eba8c9457b061b6b172d05a0937c103732e1eded3095df6c

Analysis

max time kernel
135s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 03:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50709cc1dcf124b3d40ba6836c031974.exe
Size

1.8MB
MD5

50709cc1dcf124b3d40ba6836c031974
SHA1

e6c864bb05124485327af9ea3f549603230da430
SHA256

304a2f2ae2d63e68eba8c9457b061b6b172d05a0937c103732e1eded3095df6c
SHA512

1e7637529e2b84ad05427ea4be834789870f73d43bce1e85d55ead7737db40ab7cff29b3cefee5062cad67b32a2f94b827954e73d49c54c8ceaa9cda69cea425
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq1:SCqm2Jpr0nNM7Dus7Nx8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x000a000000015df9-5.dat	upx
behavioral1/memory/2192-688-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	50709cc1dcf124b3d40ba6836c031974.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Kiev.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\7-Zip\Lang\ar.txt.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jinfo.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Internet Explorer\Timeline.cpu.xml.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Eucla	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Casey.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\DVDMaker.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pt_BR.jar	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\npt.dll	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Anchorage.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfontj2d.properties.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jps.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Eurosti.TTF	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Warsaw	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\web.xml.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santa_Isabel.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Martinique	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Davis	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbytools.jar.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Pyongyang	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\rtscom.dll.mui.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DisableImport.m4v.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_heb.xml.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_zh_HK.properties.exe	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Rarotonga	50709cc1dcf124b3d40ba6836c031974.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	50709cc1dcf124b3d40ba6836c031974.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.exe	50709cc1dcf124b3d40ba6836c031974.exe

C:\Users\Admin\AppData\Local\Temp\50709cc1dcf124b3d40ba6836c031974.exe
"C:\Users\Admin\AppData\Local\Temp\50709cc1dcf124b3d40ba6836c031974.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
442KB

MD5
5e2c22d823e9b619b94291749a835d97

SHA1
098cc84924e91a9c9700fdbd6c34f3d12af7bcff

SHA256
fb3e297c87e1bbf64016b14080a6b6d284db0b0717fb6f046fd21fd3fa536403

SHA512
20cdbd7bcaaa1341049ada08b3e0363021718f1d7f78c16e2191358aac283b2dc1f1dba01fbd5240362f688e5688ab8e383b213b95fcdac9644bcc97338ed918

Download Submit
memory/2192-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2192-688-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads