c986fb9a0ab5ce2db13b588a63ecd6cf2800ed0e7f9faabb52c43d5eab8c58ea

Analysis

max time kernel
181s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75fd0917e301ce2ef050aba0b263be10.exe
Size

1.8MB
MD5

75fd0917e301ce2ef050aba0b263be10
SHA1

61b257a193f242e47f3fc97affaf23e39c31e289
SHA256

c986fb9a0ab5ce2db13b588a63ecd6cf2800ed0e7f9faabb52c43d5eab8c58ea
SHA512

68a6845bd7bbe9d34d14e68c31d6c6763d061d36027bcc16f0dc929342e842b60c295b4b542a7972dca7d3f640040581d2cd504427158b0daaa95e77d1c0201d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqJ:SCqm2Jpr0nNM7Dus7Nx0

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3852-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/3852-614-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogo.png.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Content.xml	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\npjp2.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\ado\msador15.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\LICENSE.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\t2k.dll	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_shmem.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\GroupLimit.pcx.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\README.html	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\awt.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base.xml	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TabTip.exe.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrlatinlm.dat	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\LICENSE	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred.xml	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\server\classes.jsa	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\JavaAccessBridge-64.dll	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-debug-l1-1-0.dll	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\prism_common.dll.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\COPYRIGHT	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-heap-l1-1-0.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll	75fd0917e301ce2ef050aba0b263be10.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.exe	75fd0917e301ce2ef050aba0b263be10.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	75fd0917e301ce2ef050aba0b263be10.exe

C:\Users\Admin\AppData\Local\Temp\75fd0917e301ce2ef050aba0b263be10.exe
"C:\Users\Admin\AppData\Local\Temp\75fd0917e301ce2ef050aba0b263be10.exe"
1⤵
- Drops file in Program Files directory
PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
93KB

MD5
bfc8d6625a3f87155f8c049e04b2ea82

SHA1
50ba8fc18dd33697a2d33ded925903140df87a6c

SHA256
08050be4c72ae4b6bc75da4a9c68d1bdd4dcc7c6f500b85b2d70d1350fb93f3b

SHA512
72856e025e5ca2670be1d0f11ce210ef3f0f60af92c9e11d9312b7fd2e0148e76ea4b865a2579219e3820bb43f1649000f26485685ceb7d3ac76a427b3052e23

Download Submit
memory/3852-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3852-614-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads