5887c901ac621ca901538de3e773b243c90976618a471686db1f0e18f7e1843b

Analysis

max time kernel
162s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc138a8895592046b4325d39a50a8ede.exe
Size

1.8MB
MD5

fc138a8895592046b4325d39a50a8ede
SHA1

bcc16f6bb5dd687800d35757e70f03d58adb59aa
SHA256

5887c901ac621ca901538de3e773b243c90976618a471686db1f0e18f7e1843b
SHA512

bf11011fd803f69f685bf021c24f1c0acd3b9ee9db9c6ec5ec81218c3bafb27fdf9f32cbca7b31b14fdd74c8d2e6e493ae7005ab2591cff76d79a20f87ebc5a5
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqm:SCqm2Jpr0nNM7Dus7Nx7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4628-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227ab-5.dat	upx
behavioral2/memory/4628-460-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-sysinfo-l1-1-0.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-namedpipe-l1-1-0.dll	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\DisableSync.vstm	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\pt-BR.pak	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-1-0.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\pt-br.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Internet Explorer\de-DE\iexplore.exe.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\RepoMan.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-libraryloader-l1-1-0.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jmc.txt	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\classfile_constants.h	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Internet Explorer\SIGNUP\install.ins.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Java\jdk-1.8\bin\idlj.exe.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-1.dll.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	fc138a8895592046b4325d39a50a8ede.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.exe	fc138a8895592046b4325d39a50a8ede.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.exe	fc138a8895592046b4325d39a50a8ede.exe

C:\Users\Admin\AppData\Local\Temp\fc138a8895592046b4325d39a50a8ede.exe
"C:\Users\Admin\AppData\Local\Temp\fc138a8895592046b4325d39a50a8ede.exe"
1⤵
- Drops file in Program Files directory
PID:4628

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1024KB

MD5
6f3c31a880db3e9e35945c17aaae34d8

SHA1
cf09444cc59521ad1cca8632581dcad9977d96a8

SHA256
1cbdb1a76150f6b3bd910bd6e17a5dbd40ef31427d64e87231b5e4ea73dffafb

SHA512
db07930d9ff7688e01ec30b3849c24d60245b8fe68f6b40d7fa9d2629a72e86fe4d862c28a5840815af6373cdc1fbacc7202e62a91aa35da73582b324aca6e4d

Download Submit
memory/4628-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4628-460-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads