b89f44486e86186a429551798dbc32f457f46645fdbfa0d6601beb20f8d4d4dd

Analysis

max time kernel
75s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f5eef866c3abb605f7a5fb3f4d3337e8.exe
Size

1.8MB
MD5

f5eef866c3abb605f7a5fb3f4d3337e8
SHA1

cb6ce125c451334dc926abc1368005af56119310
SHA256

b89f44486e86186a429551798dbc32f457f46645fdbfa0d6601beb20f8d4d4dd
SHA512

778be8765fa26b7e564966dc1c48f8da7adeca53d2c55bef6b050125cf95892faff2c11cbdac1484e1eb6df853958a29805197bfc4038d0115fa471b3cc01ac4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHw:SCqm2Jpr0nNM7Dus7Nx2Q

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4524-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/4524-3853-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4524-13405-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	f5eef866c3abb605f7a5fb3f4d3337e8.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_Subscription1-pl.xrm-ms	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalR_OEM_Perp-ul-oob.xrm-ms.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Mozilla Firefox\nssckbi.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.scale-125_contrast-black.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalMedTile.scale-200_contrast-white.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\AppxSignature.p7x.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\UtilitiesCpp.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jre-1.8\bin\server\classes.jsa	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\resources\strings\LocalizedStrings_nb.json	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hu-HU\tipresx.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\custom.lua	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Windows Defender\ja-JP\MsMpRes.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising\bootstrap.html.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\FileForms32x32.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessVL_KMS_Client-ul-oob.xrm-ms	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\MSIPC\en-us\msipc.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PROFILE\PREVIEW.GIF	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\AppxSignature.p7x	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SmallTile.scale-125_contrast-black.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Heart.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\CursorResourceBuilder.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalMedTile.scale-200_contrast-white.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionSmallTile.scale-400.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\WideTile.scale-125.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\cldrdata.jar.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\JUICE___.TTF.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GamesXboxHubBadgeLogo.scale-200_contrast-high.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppPackageLargeTile.scale-100_contrast-white.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_neutral_split.scale-200_8wekyb3d8bbwe\Assets\GetStartedMedTile.scale-200_contrast-black.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSmallTile.scale-150.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48_altform-lightunplated.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2ssv.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Windows Defender\de-DE\ProtectionManagement.dll.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageWideTile.scale-150.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteNotebookMedTile.scale-100.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libscte27_plugin.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PAGESIZE\PGLBL081.XML.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Infragistics2.Win.UltraWinToolbars.v11.1.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\Assets\tinytile.targetsize-24_contrast-black.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Images\SkypeAppList.targetsize-16_altform-unplated_contrast-black.png	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\offsyml.ttf.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmcachemgr_xl.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\DEEPBLUE\THMBNAIL.PNG.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.IO.IsolatedStorage.dll.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Ion Boardroom.thmx	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\directshow.md.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\MedTile.scale-125.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteNotebookSmallTile.scale-200.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNotePageMedTile.scale-150.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-white\PeopleSplashScreen.scale-125.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ODBC32.DLL.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Windows Defender\fr-FR\OfflineScannerShell.exe.mui	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-125_contrast-white.png.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.ServiceModel.Security.dll	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\ecc.md	f5eef866c3abb605f7a5fb3f4d3337e8.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_MAK-pl.xrm-ms.exe	f5eef866c3abb605f7a5fb3f4d3337e8.exe

C:\Users\Admin\AppData\Local\Temp\f5eef866c3abb605f7a5fb3f4d3337e8.exe
"C:\Users\Admin\AppData\Local\Temp\f5eef866c3abb605f7a5fb3f4d3337e8.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
325KB

MD5
b771b73125076d57b6489a8a05fec3ea

SHA1
3404f6e60f8868bb13743728c31c64c969ee7d09

SHA256
e58dd4a4f98533d3f329483f31b439d6f7a49aba1da2450e36ec115ac7ada9ba

SHA512
3d90e4950fdc4130e013753eaa14bfc0d6dd8a302ab6f668fc92c02f42421811df35761e01c6167a9d85fb34c5020e1cfc96fdb16e6b3ce21b15888d8cab213f

Download Submit
memory/4524-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4524-3853-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4524-13405-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads