e9b8d1920a116a120b8a78a35af40e0392f1d5cdd9ea0f67292bcb84cf11f730

Analysis

max time kernel
4s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ef66ee1985a43283a7d1d2c8e0c8275.exe
Size

1.8MB
MD5

6ef66ee1985a43283a7d1d2c8e0c8275
SHA1

e9a30fcc00dfd715fb3b4d1b43ca3291a36b7f4f
SHA256

e9b8d1920a116a120b8a78a35af40e0392f1d5cdd9ea0f67292bcb84cf11f730
SHA512

af72ab719a55dfae2206fb3b9346e4b21b5e470213e03d17bb613c62606647350bc871985eaeedb595e8144c790cd4f8584c6dbead87b5edceeb3a5a66268a30
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqc:SCqm2Jpr0nNM7Dus7Nxh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4092-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/4092-4809-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0001000000021e1b-8844.dat	upx
behavioral2/files/0x0001000000021e1b-8843.dat	upx
behavioral2/files/0x0001000000021e1b-8842.dat	upx
behavioral2/files/0x0001000000021974-8849.dat	upx
behavioral2/files/0x0001000000021974-8851.dat	upx
behavioral2/files/0x0001000000021974-8850.dat	upx
behavioral2/files/0x0001000000021e1b-8862.dat	upx
behavioral2/memory/4092-13436-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\wab32.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\7z.exe.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cy.txt	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasql.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\ApproveSplit.contact	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Alphabet.xml.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.exe	6ef66ee1985a43283a7d1d2c8e0c8275.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui	6ef66ee1985a43283a7d1d2c8e0c8275.exe

C:\Users\Admin\AppData\Local\Temp\6ef66ee1985a43283a7d1d2c8e0c8275.exe
"C:\Users\Admin\AppData\Local\Temp\6ef66ee1985a43283a7d1d2c8e0c8275.exe"
1⤵
- Drops file in Program Files directory
PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
15KB

MD5
b9bb0d5629f5d72dce3a179c785445b8

SHA1
4296c57b12603022e2ae120faf0eef571c31f861

SHA256
e3696dd6a3306c351cf686d4f9d993721a005cafd2bd2e8b988664cf433d1dd7

SHA512
00a7506f3bfde13cf3b16e4a104262f08e9794e4a7d749ca882d9961fec7d34981b8255e3db127fa9790765b02d6906e5086324a0596418b4a2fd6e833905f25

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
42KB

MD5
3bdfc22d8d5bc28ffbb632cc3b46812a

SHA1
f6e7e186e15a9056e6878bec99249027a5b25380

SHA256
bd0a87be1c16c406eb1a3d196d09082f127818cf3d4707eb1665c879dc5526af

SHA512
a2a0447644ef1915d3ecdc1a3bff8d00705270b71bbc9b0becaa7bf5f457fe0a039e134f592bf0f715b62362ef8c2dfe7ae668f0b1bd15b5345867732705e908

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
49KB

MD5
4d4ae1a426f41645c4ff90de9aa69a27

SHA1
43c36ebe6107beae0ae5293f694e948dbb336fcf

SHA256
b344e78f9caf23b79d847a52963d61cb34abef30041e50202bd3ff08fbf16d00

SHA512
e4c8127d34cab6044946ac9aa79b3843bd86b661924daab55c6d1d030f5de0e95b0f2d56a663db9dae3dc62de2d60a12d8c37e978fcac820f793d21b2ddfb61c

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
9KB

MD5
f578273ea6059c3f3aa6baf66c01b85f

SHA1
0fe4b8055233d29614db2643f1095b012d9f7419

SHA256
7867eacd7ae0e7020cdfecd2827d89c2cfa759236ec24f3a5cc10ae4ecbc0779

SHA512
9ef16b973254ccf3a34a1e9270fcc379537d5cc7a8dfed744c58fce31af9499534780737250f45fa8ccc4c5e0448cd8fdfd6658914efcf4e0d4cb31940d506c1

Download Submit
C:\Program Files\Microsoft Office\root\Office16\VISSHE.DLL

Filesize
1.8MB

MD5
8084d3c6a9c3792df0a08bb7a6760f1f

SHA1
ad00afc70567b9bb7eac818830156bbb61b434cf

SHA256
5c91c4d230b798206aaf433b4f3517e164a856d7b164f66cfac554c48db780cd

SHA512
9b18b3459c0a0a35c6465ad064e41a5147993c85105686c5b6cf95d03a2b1fab288c3d987db40b58a906a4c334eb06105bcbc133ff73f9b8e39a57d7712258a4

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
54KB

MD5
d26922cdf54e222d0949e4e070e2eb80

SHA1
ad8cd87c3b86dda32f885c585930ebd5cca2f830

SHA256
960bfdfea089e76a6f276401b0c5c06b68042a8474c51fa01c8746b2e67e809c

SHA512
657ebc28f46c7962584ada10f4db51dc5ec55adc43aefe36930667641d2245d78767d86ec9cfbe4f2a811f5ab65eeacc1a4ad8b1cf4661018029d89b253efe96

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
38KB

MD5
a6b1b7583a701e496a192d5ef5148a79

SHA1
b056d1b5b1833a772acc95e470e125bb82b085f1

SHA256
4dc363645e5aa7bdb7e395d58d193242477a1655578760f3d0552a1e39ae77e0

SHA512
fa03b5fad28aba96caf4289db17d90bdba069f87eb595d9fc8e736e5f355b984237996919643150aaebd14e6db58e30b1128f2e4be2a8ba19cac1a70db8d2fed

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
84KB

MD5
edc94e8c7a5fa11803d26c8f05973f18

SHA1
556b5489cbcb74ed617b59a2ce04693400dfa276

SHA256
291960c3149f5b954801349f722d0d85996c06a0479cc05bc84e798a2abf847a

SHA512
27190f338312868248b5084e1c7696dbe88ab9bfb1150b99df29fe07854ec7033706278176f2a259f508217a90088694e9bb58b0328f3ebd130305b4e3934a8c

Download Submit
memory/4092-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4092-4809-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4092-13436-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads