f8ae0c418a9460488322c3f16572ce7969f57e21cc7934767eb86fb41020852d

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 15:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

78b513e52791090e9c0fe53f1b0f5336.exe
Size

1.8MB
MD5

78b513e52791090e9c0fe53f1b0f5336
SHA1

2e9ee206502c2165dc5502925f14e521a9aa8e95
SHA256

f8ae0c418a9460488322c3f16572ce7969f57e21cc7934767eb86fb41020852d
SHA512

8e39d05b4c93188c61ce98a612493c8ee818502aadc199f90f413fa49e50894f19e8878956e9cb55860bed4116c148d871a0690628d12b74cc9ca046d3172605
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqh:SCqm2Jpr0nNM7Dus7Nxk

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000900000001560b-5.dat	upx
behavioral1/memory/2232-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2232-2887-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2232-9176-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	78b513e52791090e9c0fe53f1b0f5336.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_fr.properties	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\New_York.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\DVD Maker\OmdBase.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Cordoba	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.publisher_1.3.0.v20140911-0143.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.swt.nl_zh_4.4.0.v20140623020002.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-progress.xml	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jre7\lib\deploy\messages_pt_BR.properties.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Zurich.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_output\libamem_plugin.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-util-enumerations_ja.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jre7\bin\kinit.exe.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\blacklist	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Fortaleza	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.runtime_3.10.0.v20140318-2214.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-coredump.xml	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Boa_Vista	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-8.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuvp_plugin.dll.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Defender\en-US\MsMpRes.dll.mui	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\it-IT\gadget.xml.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\flyout.html	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_search_up.png	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Mail\ja-JP\msoeres.dll.mui.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Spades\Shvl.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Services.resources.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Xml.Linq.Resources.dll.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.ja_5.5.0.165303.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\org-netbeans-modules-profiler_visualvm.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscene_plugin.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\library.js.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\locale\boot_zh_CN.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jre7\bin\jawt.dll.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_gray_snow.png.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-tools_zh_CN.jar.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Extensions.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Paris.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.feature.rcp_5.5.0.165303\feature.properties.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Microsoft Office\Office14\1033\MAPISHELLR.DLL.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\css\flyout.css	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\reveal_down.png	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\js\highDpiImageSwap.js	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\26.png.exe	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Java\jre7\lib\rt.jar	78b513e52791090e9c0fe53f1b0f5336.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png	78b513e52791090e9c0fe53f1b0f5336.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak	78b513e52791090e9c0fe53f1b0f5336.exe

C:\Users\Admin\AppData\Local\Temp\78b513e52791090e9c0fe53f1b0f5336.exe
"C:\Users\Admin\AppData\Local\Temp\78b513e52791090e9c0fe53f1b0f5336.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
92KB

MD5
94d0a59e3e1f8034cf928876b525b2e7

SHA1
30600a6adaa67b9869a92bdcd1fa14b38632e150

SHA256
ed4e1966cd563d7725bc4d87fc6c03e4f2c170a015dc364b4ab9dbe923de852c

SHA512
42d76e865408a314eac1a5158ec5b09058b07b0672ae4850e495ab029b40115e52037bd0248ddf546139aee00a78b442dbee2b5e56bf5653c42d45a5d64271bf

Download Submit
memory/2232-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2232-2887-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2232-9176-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads