b89f44486e86186a429551798dbc32f457f46645fdbfa0d6601beb20f8d4d4dd

Analysis

max time kernel
142s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5eef866c3abb605f7a5fb3f4d3337e8.exe
Size

1.8MB
MD5

f5eef866c3abb605f7a5fb3f4d3337e8
SHA1

cb6ce125c451334dc926abc1368005af56119310
SHA256

b89f44486e86186a429551798dbc32f457f46645fdbfa0d6601beb20f8d4d4dd
SHA512

778be8765fa26b7e564966dc1c48f8da7adeca53d2c55bef6b050125cf95892faff2c11cbdac1484e1eb6df853958a29805197bfc4038d0115fa471b3cc01ac4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHw:SCqm2Jpr0nNM7Dus7Nx2Q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1228-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0008000000019312-5.dat	upx
behavioral1/memory/1228-373-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	f5eef866c3abb605f7a5fb3f4d3337e8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_zh_TW.jar	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.rll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Soft Blue.htm	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\META-INF\MANIFEST.MF.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\La_Rioja.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\GMT	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\tnameserv.exe.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsimport.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\sysinfo.bat	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\wsdetect.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Ushuaia	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.greychart.ui.zh_CN_5.5.0.165303.jar	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols.xml.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\feature.properties.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.help_2.0.102.v20141007-2301\license.html	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Internet Explorer\perfcore.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\InkObj.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.exe.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterRegular.ttf	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\GreenBubbles.jpg.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\ij	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Chuuk.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\bg-BG\tipresx.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad.xml.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\sunmscapi.jar.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.flightrecorder.configuration_5.5.0.165303.jar	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Wrinkled_Paper.gif	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\el-GR\tipresx.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\symbase.xml	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\hprof.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\epl-v10.html	f5eef866c3abb605f7a5fb3f4d3337e8.exe

C:\Users\Admin\AppData\Local\Temp\f5eef866c3abb605f7a5fb3f4d3337e8.exe
"C:\Users\Admin\AppData\Local\Temp\f5eef866c3abb605f7a5fb3f4d3337e8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
790KB

MD5
031e51e64a457a5d5ffe0bcb19264c0f

SHA1
9ea967f8b8b7de8264058929f239ca1a89b6a7d7

SHA256
77cf3f6bccf9b26ff46a7e239c4b8386172b69b87973ec4df5b8202784f37279

SHA512
2617b7a0de2d93b4d196d5a6f4217e4931eabce1715fd7389f39e7562bc2140e995e8df68aa7b193fe44b48b9daee4aa2570dc3db70623ac497bb07251f54a47

Download Submit
memory/1228-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1228-373-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads