ddcff5ff610eb4d2c0e9162e7a253161f5c2625dadf8d57b48bdb96415f2da04

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66d11e1228adbbf3a4a5db9b413e668a.exe
Size

1.8MB
MD5

66d11e1228adbbf3a4a5db9b413e668a
SHA1

1a58c52ab70c43ca7f66510c3fb9aa7fef1d24d7
SHA256

ddcff5ff610eb4d2c0e9162e7a253161f5c2625dadf8d57b48bdb96415f2da04
SHA512

5653d56795fd022756fb5bb10529957f68fb3d0c1428cc64d2dff3548afef7a3c856e280b84901b5521033d51e27638c8f47c5ca563343c3a06c37342e2fa2cd
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHF:SCqm2Jpr0nNM7Dus7Nx2l

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2536-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0034000000015d20-5.dat	upx
behavioral1/memory/2536-635-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	66d11e1228adbbf3a4a5db9b413e668a.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Ojinaga	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\nacl_irt_x86_64.nexe.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Internet Explorer\iedvtool.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Caracas.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Stanley.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cuiaba.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\lt-LT\tipresx.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pl-PL\tipresx.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\server\jvm.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\7z.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_jpn.xml	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Adelaide.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nome	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\flavormap.properties.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\de.pak	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmid.exe.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Curacao	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-correct.avi.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\msadc\handler.reg	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Knox	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santarem.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Chita.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\US_export_policy.jar.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_kor.xml.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\DVD Maker\es-ES\DVDMaker.exe.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\optimization_guide_internal.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Srednekolymsk	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak	66d11e1228adbbf3a4a5db9b413e668a.exe

C:\Users\Admin\AppData\Local\Temp\66d11e1228adbbf3a4a5db9b413e668a.exe
"C:\Users\Admin\AppData\Local\Temp\66d11e1228adbbf3a4a5db9b413e668a.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
567a5d6501b4d8465145b1b1227b6d2d

SHA1
201b194c6ee3738672c71211615db849d7ea56d1

SHA256
bae3ee1fb2cdb018c4da0f26a1b2ef25e6648e66a9ae55a98adb2c6c8c6df728

SHA512
f1019275b2ef25c579990cc6231f96d475d332a2d995c38ae9e5a91cd110af3dac5d4cfc390ae871eccf321af9184fe481ed7cc3e10da36b592de04e7a03a4a2

Download Submit
memory/2536-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2536-635-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads