f376fbcbad3208bd8ff59d093b9e6b704c68946cd0679476813d67c475d85e9b

Analysis

max time kernel
136s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 17:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7f0a2dd952258e014832e914b0d588b0.exe
Size

1.8MB
MD5

7f0a2dd952258e014832e914b0d588b0
SHA1

a82be2a42b6dbc1e266af784fdefbd41abba383c
SHA256

f376fbcbad3208bd8ff59d093b9e6b704c68946cd0679476813d67c475d85e9b
SHA512

221a6b3ed13f09a8a42920918de5b84a2a83b581bfc637d2789ec2f1f4a36dc51e8749de2b2c2ecd80d7dd8beba907600bed2ad87016560c8f95abe75b1e63f7
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqm:SCqm2Jpr0nNM7Dus7NxP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2192-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002e000000014636-5.dat	upx
behavioral1/memory/2192-376-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	7f0a2dd952258e014832e914b0d588b0.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txt.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyDrop32x32.gif	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\LICENSE	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\EST5EDT	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Luxembourg.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ext_5.5.0.165303.jar	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritash.dat	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscht.xml	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore.xmi_2.10.1.v20140901-1043.jar	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Kabul.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.common_2.10.1.v20140901-1043\META-INF\ECLIPSE_.RSA.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Rio_Branco	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.net.win32.x86_64.nl_zh_4.4.0.v20140623020002.jar	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.frameworkadmin.nl_ja_4.4.0.v20140623020002.jar.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\System\msadc\handsafe.reg	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\about.html.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\preface.htm.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.e4.rcp_1.3.100.v20141007-2033\feature.properties	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.RSA.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx.ui.zh_CN_5.5.0.165303.jar.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Krasnoyarsk.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsptb.xml.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\audiodepthconverter.ax.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_pl.jar.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\LICENSE	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Eirunepe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\artifacts.xml.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.core\cache\binary\org.eclipse.rcp_root_4.4.0.v20141007-2301	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Puerto_Rico.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Riyadh88.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Gaza.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\feature.properties.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es-419.pak	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.expressions_3.4.600.v20140128-0851.jar	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook.bat.exe	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Mawson	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ho_Chi_Minh.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrusash.dat.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png	7f0a2dd952258e014832e914b0d588b0.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfr\default.jfc	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mazatlan.exe	7f0a2dd952258e014832e914b0d588b0.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll	7f0a2dd952258e014832e914b0d588b0.exe

C:\Users\Admin\AppData\Local\Temp\7f0a2dd952258e014832e914b0d588b0.exe
"C:\Users\Admin\AppData\Local\Temp\7f0a2dd952258e014832e914b0d588b0.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
62504b29b829076df069a08541c80c79

SHA1
fa87777624be4fda9a38a9d02aa81d83f6157c20

SHA256
c06b3c087c9678240668712e8712c85cad52d0ac1917a932e7d05a595facd3e0

SHA512
8c615958300692dffcd2a51894b4481fd3ff1950b731dbd212d1e144871aed01d07bef05fdc1125f61d7e679065c0e25fe8cd6ac5e13d353f52076157b59ec30

Download Submit
memory/2192-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2192-376-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads