b0f868b43e7d7bf16719f9dbb5ac1af981911510a7642723fe247b61b6e0dd99

Analysis

max time kernel
43s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 23:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ffef26ae41b28ff65ddb5d6df49e5e7d.exe
Size

1.8MB
MD5

ffef26ae41b28ff65ddb5d6df49e5e7d
SHA1

5aec2efa9bf9d3efb5097773c4c489f2e7b1f7cf
SHA256

b0f868b43e7d7bf16719f9dbb5ac1af981911510a7642723fe247b61b6e0dd99
SHA512

6b228eb96486d73fb4b78c767c0a7c265d4a65136e45f05d55dbf1495ba9ac05b86e85fb5a0a1abc136cf296e0702539c8206ee5b519c8412fe384972f1e3447
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqU:SCqm2Jpr0nNM7Dus7NxV

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4592-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/4592-6163-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4592-13405-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	ffef26ae41b28ff65ddb5d6df49e5e7d.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ACEODTXT.DLL.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_imem_plugin.dll	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_OEM_Perp-pl.xrm-ms.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCHART.DLL.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\de\System.Data.Linq.Resources.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\sd\jamendo.luac.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\intf\dummy.luac.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\VideoLAN\VLC\lua\http\js\ui.js.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Localytics.dll	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jre-1.8\lib\management\snmp.acl.template.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeStudentR_Trial2-pl.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest2-ppd.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp5-ul-oob.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\XLSLICER.DLL	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\BLUEPRNT\THMBNAIL.PNG	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SLATE\THMBNAIL.PNG.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraMedTile.scale-125.png.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jre-1.8\bin\management.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019MSDNR_Retail-ul-phn.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Templates\1033\TimelessReport.dotx	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProDemoR_BypassTrial180-ul-oob.xrm-ms.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\QUAD\QUAD.ELM.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Windows Photo Viewer\ja-JP\PhotoAcq.dll.mui	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-125.png	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fr.pak.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\OFFSYMK.TTF.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\TEXTCONV\WPFT532.CNV	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\DMR_120.png	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\BORDERS\MSART9.BDR	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jpeg.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Standard2019R_Retail-ul-phn.xrm-ms.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Windows Defender\es-ES\ProtectionManagement_Uninstall.mfl.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Java\jdk-1.8\lib\tools.jar.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\Microsoft.Office.Tools.Common.dll.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Templates\1033\AdjacencyLetter.dotx.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\[email protected]	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsMedTile.scale-125.png.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusDemoR_BypassTrial365-ppd.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_SubTrial2-pl.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\THMBNAIL.PNG.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processthreads-l1-1-0.dll	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-filesystem-l1-1-0.dll	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlus2019R_OEM_Perp6-pl.xrm-ms	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\MSOUC.HXS.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\tr\msipc.dll.mui	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_SubTest-ul-oob.xrm-ms.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\mscss7wre_fr.dub	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsSoundRecorder_10.1906.1972.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-black_scale-200.png	ffef26ae41b28ff65ddb5d6df49e5e7d.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\StoreLogo.scale-125_contrast-white.png.exe	ffef26ae41b28ff65ddb5d6df49e5e7d.exe

C:\Users\Admin\AppData\Local\Temp\ffef26ae41b28ff65ddb5d6df49e5e7d.exe
"C:\Users\Admin\AppData\Local\Temp\ffef26ae41b28ff65ddb5d6df49e5e7d.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4592

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
640KB

MD5
5b1508bedf181ebd016edaea52056fb7

SHA1
d919b205572a4e8a9d8348e02af238401b9aa06f

SHA256
a515043ab5165ee382a580d5ed7b99244e146a0ccffc75feb18df1405e55318d

SHA512
44f77650323de55de6c185cc1ef23a30ff8822fc43e63a918c7ab8c886baa9f11f81065f1dd4cb7a7ce8a9cc2b33a598389f07b53933a1761fbfb68994486a11

Download Submit
memory/4592-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4592-6163-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4592-13405-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads