Analysis
max time kernel: 5s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/12/2023, 12:03
Behavioral task: behavioral1
  Sample: 6d013457dc0216acb958524f3dab4d00.exe
  Resource: win7-20231215-en
  3 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 6d013457dc0216acb958524f3dab4d00.exe
  Resource: win10v2004-20231222-en
  2 signatures, 150 seconds
General
Target: 6d013457dc0216acb958524f3dab4d00.exe
Size: 1.8MB
MD5: 6d013457dc0216acb958524f3dab4d00
SHA1: 4a0deb5135ec7a31f0a135a03fa47eec2671d2db
SHA256: 9e5724a6dbd1d6381542183e062a103f460a9d043b073a87a6be4736388257c3
SHA512: 74485dbabe5cf35b613aa768e365a6c38e94188202673b97aab48e821eafab957aa01b17956cf6163b49870b129c49b92461930318774359b56f8e32da9e3d3e
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHi:SCqm2Jpr0nNM7Dus7Nx2C
Score: 7/10
Malware Config
Signatures
resource                                                                      yara_rule
behavioral2/memory/968-0-0x0000000000400000-0x00000000005BA000-memory.dmp     upx
behavioral2/files/0x00020000000228cc-5.dat                                    upx
behavioral2/memory/968-4456-0x0000000000400000-0x00000000005BA000-memory.dmp  upx
Drops file in Program Files directory (64 IoCs)