3445606ecfda79b01f549ca7fc6c6970dbc0302702efc4debeb5468df56ff779

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

514a1b8c434ec9d3a5ec3cdaf9860266.exe
Size

1.8MB
MD5

514a1b8c434ec9d3a5ec3cdaf9860266
SHA1

c931f1a4b4c289e7238d96b5da3942673b78661f
SHA256

3445606ecfda79b01f549ca7fc6c6970dbc0302702efc4debeb5468df56ff779
SHA512

5e1dbfc8121bf00708a83233702010480a2ce0438b2cee23f4419f726e142ec01be6ec46869afa5fd008f1f149655a44051b7c304580e3c2ffb3e368e00c7ea1
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq2:SCqm2Jpr0nNM7Dus7NxH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1044-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022897-5.dat	upx
behavioral2/memory/1044-5493-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1044-13370-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\desktop.ini	514a1b8c434ec9d3a5ec3cdaf9860266.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Dark.scale-100.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.Serialization.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdCO365R_SubTrial-pl.xrm-ms.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_x64__8wekyb3d8bbwe\Assets\MobileUpsellImage-light.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\WideTile.scale-200.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsWideTile.contrast-black_scale-100.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\meta-index	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProO365R_SubTest-ppd.xrm-ms.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-16_altform-unplated_contrast-black.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\Classic\Klondike.Large.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdCO365R_SubTest-ul-oob.xrm-ms	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\System\ole db\xmlrw.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\LibCurl64.DllA\OpenSSL64.DllA\zlibwapi.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Viewpoints\Light\Cavalier.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionMedTile.scale-400.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarBadge.scale-200.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessDemoR_BypassTrial365-ul-oob.xrm-ms	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxSignature.p7x	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019VL_MAK_AE-ul-phn.xrm-ms	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinChart.v11.1.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\AppPackageBadgeLogo.scale-125_contrast-white.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\It.ps1	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Java\jre-1.8\bin\jaas_nt.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsWideTile.scale-200.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\DirectWriteForwarder.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.IO.FileSystem.DriveInfo.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-72_altform-unplated.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\AppCS\Assets\FaceReco_Illustration_SM.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-200_contrast-black.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.FileVersionInfo.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\uz\LC_MESSAGES\vlc.mo	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\resources.7a43ec75.pri.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC_K_COL.HXK	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\resources.pri	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_Grace-ul-oob.xrm-ms	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\api-ms-win-crt-utility-l1-1-0.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-125_contrast-white.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxLargeTile.scale-200.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\fonts\NotebookIconAnimation.ttf	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-100_contrast-high.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\winsdkfb.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\ContemporaryPhotoAlbum.potx	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\fr\Microsoft.VisualBasic.Forms.resources.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\en\Common.ClientConfiguration.Resources.dll.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.IO.Compression.dll	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalcMDL2.ttf.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyView.scale-200.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square150x150\PaintMedTile.scale-200.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Square44x44Logo.targetsize-96_altform-unplated.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\LargeTile.scale-150_contrast-black.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\MapLightTheme.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-300.png	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\Java\jdk-1.8\lib\ct.sym.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Solitaire.winmd.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-48_altform-lightunplated.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailAppList.targetsize-48_altform-unplated.png.exe	514a1b8c434ec9d3a5ec3cdaf9860266.exe

C:\Users\Admin\AppData\Local\Temp\514a1b8c434ec9d3a5ec3cdaf9860266.exe
"C:\Users\Admin\AppData\Local\Temp\514a1b8c434ec9d3a5ec3cdaf9860266.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
b69826857f1cf3628d4bbc9c4cf17964

SHA1
1b40e182efb2ef028b3d08d6387588e1b0df9af2

SHA256
3832b54ec9c6a051062dd2dd49c4acca4de4ee0192c310ffa2e4c60a9067fb7f

SHA512
4488c8f25ff3c9860724a915a10d67e1a8aa844c8575b5d872ca7e9df4cc32a47d52f161f8f20769e9a6ed4da815fe898a410435b8c2dd8150272fd2fd53bfd0

Download Submit
memory/1044-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1044-5493-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1044-13370-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads