4e95776e19256b96f22d6c983585c467527f7b05ef138f1e308e416a1554ca36

Analysis

max time kernel
139s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:08

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

040f1044119b9f7546c9e06485c405a7.exe
Size

1.8MB
MD5

040f1044119b9f7546c9e06485c405a7
SHA1

c01928e7dfe9125e6a6167f7c0da96f5c1443a2c
SHA256

4e95776e19256b96f22d6c983585c467527f7b05ef138f1e308e416a1554ca36
SHA512

f4b7d3de4055c3802afa394f06e76887b5ca17ec3ed4bb216033f00c91e0c50695d4559b19fae5528e952c6f7cd7c6c4a7104a9d3ed17a47fe67a146802de314
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqVa:SCqm2Jpr0nNM7Dus7Nxh

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2132-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002f000000016cd7-5.dat	upx
behavioral1/memory/2132-318-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	040f1044119b9f7546c9e06485c405a7.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Internet Explorer\jsdebuggeride.dll.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-13	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl.bat	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.password.template	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Danmarkshavn.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT-9.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Vilnius.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\BlockRevoke.wma.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jstack.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\7-Zip\Lang\gu.txt.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\fr-FR\msinfo32.exe.mui.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ko.pak.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkWatson.exe.mui.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Regina.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Brunei.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Norfolk	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\7-Zip\Lang\sr-spl.txt.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Asuncion	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Fiji	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\af.pak	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrb.xml.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Internet Explorer\JSProfilerCore.dll.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\t2k.dll.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\dicjp.bin	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Internet Explorer\DiagnosticsHub_is.dll	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Vancouver.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Content.xml.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoCanary.png	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\.eclipseproduct.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\en-US\msinfo32.exe.mui.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Mexico_City.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	040f1044119b9f7546c9e06485c405a7.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setEmbeddedCP.bat	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+12.exe	040f1044119b9f7546c9e06485c405a7.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	040f1044119b9f7546c9e06485c405a7.exe

C:\Users\Admin\AppData\Local\Temp\040f1044119b9f7546c9e06485c405a7.exe
"C:\Users\Admin\AppData\Local\Temp\040f1044119b9f7546c9e06485c405a7.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
29e59ed24c1889757dca6acea5adb937

SHA1
bda5fe3aee3557f47961fa5776f250309f876d05

SHA256
acb223e66f2c704c50098302aa19c7cba3692c9658ee3d4064d50fbcc4273d17

SHA512
47e1780e3c28489e770a64afd66a3dc33925f2e8459a0c49371371b3850a6137128ae91f85b040880d9b5da0dbd8daec903c7b915e2486f3bf16a11185d07930

Download Submit
memory/2132-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2132-318-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads