44d95cb0f7d25c111fc0563d9015a182e54dfc9b2253c0fe7199dc8757e12187

Analysis

max time kernel
2s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d5138b803123a2d5ef434aeb20dd0e1.exe
Size

1.8MB
MD5

7d5138b803123a2d5ef434aeb20dd0e1
SHA1

f0d9c287e6c68b88e41d4b6bb4c14844f9e5eab9
SHA256

44d95cb0f7d25c111fc0563d9015a182e54dfc9b2253c0fe7199dc8757e12187
SHA512

d295ec306d7a4476b16a6cd375a077bea2df1a64dd811e34c4e4f9a35619ce8fe710bad273e87275ed91f8e8ecbec9b59b33f7ef535f11f700085aee12075986
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqtZ:SCqm2Jpr0nNM7Dus7Nxm

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1768-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0037000000015d28-5.dat	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	7d5138b803123a2d5ef434aeb20dd0e1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscat.xml	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\da-DK\tipresx.dll.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPC.DLL	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base.xml	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusalm.dat.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\IpsMigrationPlugin.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InkObj.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\delete.avi	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\msdasqlr.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mshwLatin.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\rtscom.dll.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ar-SA\tipresx.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.jpg.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptg.xml.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tipresx.dll.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\BackupDeny.vstx.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Seyes.emf	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\mip.exe.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqloledb.rll.mui	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickAnimation.avi.exe	7d5138b803123a2d5ef434aeb20dd0e1.exe

C:\Users\Admin\AppData\Local\Temp\7d5138b803123a2d5ef434aeb20dd0e1.exe
"C:\Users\Admin\AppData\Local\Temp\7d5138b803123a2d5ef434aeb20dd0e1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
64KB

MD5
0b07a5a68a40eac3966fba8c8045c122

SHA1
d7c99f192a8f52dfa89eeb9ab42f84216a15ee1d

SHA256
5bbd2b6a308a09cfe4e9d5f81908f82102fb65f438f901d34bcc608354e93d8a

SHA512
3cfad76093113047e1313fa4d94eb1d4e6ff0493081b53522c4b980886699680e7eaea1d53c6375314557dadc17bffd48e22152b3a99d0de1bdda3c4bb10d742

Download Submit
memory/1768-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1768-2924-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1768-9192-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads