a2564f107d7a21954b9efbe5776946e5b1cd4e013d93faabccdb3dc29b10a8b0

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7de3892afdca5c60c2717790948b4e29.exe
Size

1.8MB
MD5

7de3892afdca5c60c2717790948b4e29
SHA1

0e49df2e7edf2eac6117816e48efc97c3720dd61
SHA256

a2564f107d7a21954b9efbe5776946e5b1cd4e013d93faabccdb3dc29b10a8b0
SHA512

c466cc1bf7dee02a2cac317678dd8d134b21f2303d9c98c42c7535f84dd3440fb1b7a14a37dd33a971029d299c7c0364a643a325dd834d73752399202e4faa17
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqt0:SCqm2Jpr0nNM7Dus7Nxf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1440-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1440-4099-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/1440-13403-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\desktop.ini	7de3892afdca5c60c2717790948b4e29.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC Drivers\Salesforce\lib\1033\ODBCMESSAGES.XML.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-white\MedTile.scale-200.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\save-money.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.27323.0_x64__8wekyb3d8bbwe\vcamp140_app.dll.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\BadgeLogo.scale-125_contrast-black.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\Doughboy.scale-300.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_OEM_Perp-ul-phn.xrm-ms.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Car\RTL\contrast-white\WideTile.scale-100.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Xml.ReaderWriter.dll	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-GoogleCloudCacheMini.scale-125.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Xml.XmlSerializer.dll	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pl\WindowsFormsIntegration.resources.dll	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\POWERPNT.HXS	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\stickers\word_art\sticker33.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-72.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\LinkedInboxWideTile.scale-125.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Match.Tests.ps1.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSOADFPS.DLL.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Call_Reconnected_Loud.m4a.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSplashLogo.scale-150.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.contrast-white_targetsize-256.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailMediumTile.scale-200.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial1-ul-oob.xrm-ms.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNewNoteSmallTile.scale-100.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\30.jpg.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Advanced-Dark.scale-100.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\zh-Hant\ReachFramework.resources.dll.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-black_scale-140.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.targetsize-256.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNewNoteSmallTile.scale-100.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\Ratings\Yelp3.scale-200.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-96_altform-lightunplated_devicefamily-colorfulunplated.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SplashScreen.scale-100_contrast-white.png	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdO365R_Subscription-ppd.xrm-ms	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.winmd	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_Retail2-pl.xrm-ms.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp2-pl.xrm-ms.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\api-ms-win-core-processthreads-l1-1-1.dll	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxCalendarAppList.targetsize-16.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTrial-ppd.xrm-ms.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.SkypeApp_14.53.77.0_neutral_split.scale-125_kzf8qxf38zg5c\Assets\Images\SkypeLogo.scale-125.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\200.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageAppList.targetsize-80_contrast-white.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ul-oob.xrm-ms	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\VideoLAN\VLC\Documentation.url.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Windows Media Player\it-IT\setup_wm.exe.mui.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-40.png	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\GenericMailSmallTile.scale-125.png	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.Vectors.dll	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusinessVL_MAK-pl.xrm-ms	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\Windows Defender\fr-FR\EppManifest.dll.mui	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SKY\SKY.INF	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\210x173\4.jpg.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailLargeTile.scale-125.png.exe	7de3892afdca5c60c2717790948b4e29.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.exe	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_Trial-pl.xrm-ms	7de3892afdca5c60c2717790948b4e29.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Trial-ppd.xrm-ms	7de3892afdca5c60c2717790948b4e29.exe

C:\Users\Admin\AppData\Local\Temp\7de3892afdca5c60c2717790948b4e29.exe
"C:\Users\Admin\AppData\Local\Temp\7de3892afdca5c60c2717790948b4e29.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1440-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1440-4099-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1440-13403-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads