ddcff5ff610eb4d2c0e9162e7a253161f5c2625dadf8d57b48bdb96415f2da04

Analysis

max time kernel
190s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 10:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66d11e1228adbbf3a4a5db9b413e668a.exe
Size

1.8MB
MD5

66d11e1228adbbf3a4a5db9b413e668a
SHA1

1a58c52ab70c43ca7f66510c3fb9aa7fef1d24d7
SHA256

ddcff5ff610eb4d2c0e9162e7a253161f5c2625dadf8d57b48bdb96415f2da04
SHA512

5653d56795fd022756fb5bb10529957f68fb3d0c1428cc64d2dff3548afef7a3c856e280b84901b5521033d51e27638c8f47c5ca563343c3a06c37342e2fa2cd
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHF:SCqm2Jpr0nNM7Dus7Nx2l

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4328-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022794-5.dat	upx
behavioral2/memory/4328-19-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\eo.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\fr-FR\msader15.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\pt.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\fy.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\tk.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	66d11e1228adbbf3a4a5db9b413e668a.exe

C:\Users\Admin\AppData\Local\Temp\66d11e1228adbbf3a4a5db9b413e668a.exe
"C:\Users\Admin\AppData\Local\Temp\66d11e1228adbbf3a4a5db9b413e668a.exe"
1⤵
- Drops file in Program Files directory
PID:4328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
81a5b030e7cd1435f60875c96c752eb0

SHA1
02ccd789123e7544cd900286ef9ae1d37f2906da

SHA256
36ed9f007ed8652d431a6973af6c015690a6683e0c13eeb670b60d9588feb4f0

SHA512
36a1eedcedbb36a3b95a7a7802f8d671cc3b7ddc1d1107f3be6b4abdd20a54b7f6cbdee22b2e1c2bf2400cb1ab8a950c3ef5b5820c28a186d89c43e296556814

Download Submit
memory/4328-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4328-19-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads