09b314ffd4978b9062b1affcadc9f5547188fb260f9350c978671c27801f63a4

Analysis

max time kernel
163s
max time network
154s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 11:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6aa0455c6852d06dea061988641565ba.exe
Size

1.8MB
MD5

6aa0455c6852d06dea061988641565ba
SHA1

34187d6ca14ddfa75ad5c7ac57fa4dd8a2c92a70
SHA256

09b314ffd4978b9062b1affcadc9f5547188fb260f9350c978671c27801f63a4
SHA512

61eb0002d83a9c6a3eccf8eab1ee0d834a7910721391a863c4f7fdc2fd02dbeff5ce9b6af9dade6f4022112402b3b188678864e724410903013f9fa85528c632
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHp:SCqm2Jpr0nNM7Dus7Nx2J

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2724-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0007000000018f72-5.dat	upx
behavioral1/memory/2724-315-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	6aa0455c6852d06dea061988641565ba.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\rtstreamsource.ax	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\sunec.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Mendoza	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fa.pak.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\w2k_lsa_auth.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jaas_nt.dll	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sv.pak.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jconsole.exe.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\msadc\msadcf.dll	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\msadc\msdarem.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\rmiregistry.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfralm.dat	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\InstallUpdate.ex_	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javafx-iio.dll	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\de-DE\DVDMaker.exe.mui.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kinit.exe.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.exe	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\profile.jfc	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.exe	6aa0455c6852d06dea061988641565ba.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\InstallDeny.pcx	6aa0455c6852d06dea061988641565ba.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	6aa0455c6852d06dea061988641565ba.exe

C:\Users\Admin\AppData\Local\Temp\6aa0455c6852d06dea061988641565ba.exe
"C:\Users\Admin\AppData\Local\Temp\6aa0455c6852d06dea061988641565ba.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
924KB

MD5
419795085c982fbfcd907283fd3bb6ab

SHA1
27f976019378fa0d1f9f8630ef2ce80170a6f5c8

SHA256
f2aeab7446890907f382a7095c9c0b69fdc8445eef97f107dc406c8ac2ef3107

SHA512
3f2d16db1e4a2f72403d252e2784d28f2b49b53ba65081b1b1d4a977a05d4240ddaf36392caebf9f74e623b43b9ecfcb023b60ca1694ef8fd0a7efe3dc82373f

Download Submit
memory/2724-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2724-315-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads