b2ea903b3aa7b00810a0d33792e5313874ae4e2e381aeb10563237f7308161b7

Analysis

max time kernel
10s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa8b0e0b53f533ba780445b19bffe99c.exe
Size

1.8MB
MD5

fa8b0e0b53f533ba780445b19bffe99c
SHA1

76d44add68eb72d07b0dafeb1c5d58e7c8e41ad0
SHA256

b2ea903b3aa7b00810a0d33792e5313874ae4e2e381aeb10563237f7308161b7
SHA512

338176d5678a23793b16a473a0e77a5b0ea68993235c06a461f2fc96c1f8c06787c15dbf62aa6391577a3e7e1aeda4643b8c7680a0ee146dad5973f2d47dded7
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH7:SCqm2Jpr0nNM7Dus7Nx2b

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2652-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2652-814-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	fa8b0e0b53f533ba780445b19bffe99c.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\uz-cyrl.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee.dll.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\fr-FR\MSTTSLoc.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IpsMigrationPlugin.dll.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hr-HR\tipresx.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\micaut.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\pt-BR\tipresx.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tpcps.dll	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Tanspecks.jpg.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\oledb32r.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\License.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mshwLatin.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\tipresx.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\IPSEventLogMsg.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad.xml	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipskor.xml	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpn.dll.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkObj.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\TipRes.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(inch).wmf	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwruklm.dat.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mip.exe.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\mip.exe.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrlatinlm.dat	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\7-zip.dll	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.exe	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\micaut.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui	fa8b0e0b53f533ba780445b19bffe99c.exe

C:\Users\Admin\AppData\Local\Temp\fa8b0e0b53f533ba780445b19bffe99c.exe
"C:\Users\Admin\AppData\Local\Temp\fa8b0e0b53f533ba780445b19bffe99c.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2652-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2652-814-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads