53266f1370baf6754b1dc1c4e7fee140a03810402682122e1dd06bb12f9e580b

Analysis

max time kernel
150s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7795b213b69d10381a1ec01296b4fce4.exe
Size

2.8MB
MD5

7795b213b69d10381a1ec01296b4fce4
SHA1

eb958b76c0766b6fb68b5959102d24f712d997a6
SHA256

53266f1370baf6754b1dc1c4e7fee140a03810402682122e1dd06bb12f9e580b
SHA512

832158d9c3fe271efb353d246afef736151178cc7eeae8321de5819d9f7c1bed17dffb57fc07e15736546756aa4edbf82e5a96f8a25f4fe16834af735f55865f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91R:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4980-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/4980-252-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7z.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVManifest.dll	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-handle-l1-1-0.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\JAWTAccessBridge-64.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\auxpad.xml	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Google\Chrome\Application\master_preferences.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\eula.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaosp.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\gu.pak.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l1-2-0.dll	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Internet Explorer\de-DE\ieinstal.exe.mui.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-stdio-l1-1-0.dll	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\j2pkcs11.dll	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Internet Explorer\es-ES\iexplore.exe.mui	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.sig	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClientIsv.man	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\ExportCheckpoint.vstm	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.hash.exe	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	7795b213b69d10381a1ec01296b4fce4.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.exe	7795b213b69d10381a1ec01296b4fce4.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7795b213b69d10381a1ec01296b4fce4.exe

C:\Users\Admin\AppData\Local\Temp\7795b213b69d10381a1ec01296b4fce4.exe
"C:\Users\Admin\AppData\Local\Temp\7795b213b69d10381a1ec01296b4fce4.exe"
1⤵
- Drops file in Program Files directory
PID:4980

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.0MB

MD5
11e55a62d346b76dc2cfc5a9670b8ff4

SHA1
c3749cac7504065fbc97377021b1e0287fc0d8f3

SHA256
99811d094eeb4f0355077e71e3bdae14eda1bba0fa748afeefa07d891c9252be

SHA512
0731a5060525109585cc431c351371229e5dc173cb36489e0fb1d35858e120e0800957356fbad318641f03c0bdad8c5d4cdf90ae03881151f94ccbdc9abead3f

Download Submit
memory/4980-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4980-252-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads