abd210b05a35108bb79f3e90fefcd6e20e7857d66315c416487794f8adc6b837

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 23:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0675b7627d4423c17a4ee1f84075c31f.exe
Size

1.8MB
MD5

0675b7627d4423c17a4ee1f84075c31f
SHA1

e326695bec1ed6c9367fab221aa9ece3f322c10f
SHA256

abd210b05a35108bb79f3e90fefcd6e20e7857d66315c416487794f8adc6b837
SHA512

1f5fce7bc222a3ab3a99593957c384e79bfd856f236720c7d10e7b60f16ddba151c0c0820e75e32885b47a9972ef89f5573c906423975754ce7de13478407b0f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHZ:SCqm2Jpr0nNM7Dus7Nx25

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4356-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227bf-5.dat	upx
behavioral2/memory/4356-241-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-synch-l1-2-0.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll.sig	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\icudtl.dat.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-libraryloader-l1-1-0.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-console-l1-1-0.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-utility-l1-1-0.dll	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\attach.dll	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_jpn.xml.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-2-0.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsen.xml.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCallbacks.h	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\et.pak	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Internet Explorer\images\bing.ico	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-math-l1-1-0.dll.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Java\jdk-1.8\THIRDPARTYLICENSEREADME.txt.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ca.pak.exe	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	0675b7627d4423c17a4ee1f84075c31f.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ja.pak	0675b7627d4423c17a4ee1f84075c31f.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jawt.dll	0675b7627d4423c17a4ee1f84075c31f.exe

C:\Users\Admin\AppData\Local\Temp\0675b7627d4423c17a4ee1f84075c31f.exe
"C:\Users\Admin\AppData\Local\Temp\0675b7627d4423c17a4ee1f84075c31f.exe"
1⤵
- Drops file in Program Files directory
PID:4356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
2a7b98e983c37bee0399bab039294e95

SHA1
9c0871cf5f944f8bdd990794947885ff24a655b5

SHA256
372afa9a663ed67768629d758e21a9f4511be26985ad31b16da8729b5c9898fd

SHA512
7739b23ea41db18a8d6730daa0f82e8f42f17616d26a8a83df662196f1c5f4122d64c9d4394501dfe1d28e5229f4b5bc04c5fbb9a1cf44701158e3ec842fd113

Download Submit
memory/4356-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4356-241-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads