c7426d4815ce4ade95ca9fd7c68b05a52966e94c064c99f5ed293f46c6a8fbb9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64c77b506873e72257c4064f5c6123c2.exe
Size

1.8MB
MD5

64c77b506873e72257c4064f5c6123c2
SHA1

63b9cbb1fc45c5b9b9fbef236918ada3628cf465
SHA256

c7426d4815ce4ade95ca9fd7c68b05a52966e94c064c99f5ed293f46c6a8fbb9
SHA512

698959ce1a9db9da3a191eb01ee97fb78bd1a22c11bccd9d5d806d9520cffef5d701a7d2b39476483a3774a63b652e7cbccf0a2232afe32293a7d3589a1c6fa6
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqy:SCqm2Jpr0nNM7Dus7Nxj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2952-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00090000000142cc-5.dat	upx
behavioral1/memory/2952-3329-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2952-9168-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\desktop.ini	64c77b506873e72257c4064f5c6123c2.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Reunion	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\New_Salem	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bNext.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Indian\Kerguelen.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\es-ES\shvlzm.exe.mui	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Mozilla Firefox\ucrtbase.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\images\buttons.png	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_orange.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\RSSFeeds.html.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Johannesburg	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_down.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Empty.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\java.policy	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Mozilla Firefox\mozwer.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\picturePuzzle.html.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\5.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\zipfs.jar	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jre7\lib\zi\Australia\Hobart.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Norfolk	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_hevc_plugin.dll	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\DVD Maker\Shared\Parity.fx	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jre7\lib\alt-rt.jar.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\cli.luac.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\css\currency.css.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Internet Explorer\jsdbgui.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Enderbury	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libequalizer_plugin.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\logo.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\currency.data.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\VideoLAN\VLC\uninstall.exe.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Tools.dll.mui.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ar.pak.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Khandyga.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.artifact.repository.nl_zh_4.4.0.v20140623020002.jar	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.console.nl_ja_4.4.0.v20140623020002.jar.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdmo_plugin.dll.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libdxva2_plugin.dll	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\es-ES\gadget.xml	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mip.exe.mui	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jce.jar	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Java\jre7\lib\ext\localedata.jar.exe	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\YST9YDT	64c77b506873e72257c4064f5c6123c2.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ro\LC_MESSAGES\vlc.mo	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Media Player\fr-FR\WMPDMC.exe.mui	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\7-Zip\Lang\cs.txt.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnssui.dll.mui	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.exe	64c77b506873e72257c4064f5c6123c2.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\graph_down.png	64c77b506873e72257c4064f5c6123c2.exe

C:\Users\Admin\AppData\Local\Temp\64c77b506873e72257c4064f5c6123c2.exe
"C:\Users\Admin\AppData\Local\Temp\64c77b506873e72257c4064f5c6123c2.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
f32968f1fbe9c5ab4e6a6ddcd3255546

SHA1
eb4cd8716b89f493fdadb8b554c17a8b753323ad

SHA256
a25be5910757df9b69528d5e9f7518e0f28746ea9862102f219b62d2765d4b28

SHA512
948c3f8c4a5fc2068b461c91f8e231297aaf812ee7d621a1a010f2e4dd17966029be828167a9cd76b5152ab24b875412f385ccb5cd88fdc8498578fccc15208a

Download Submit
memory/2952-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2952-3329-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2952-9168-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads