e2bc828b7756e7ac1d66e7b386f45e52ee2e1de28729334d05fbd4b39bdc9871

Analysis

max time kernel
161s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1d2bb4357dce4f0aac85db232d5fdb38.exe
Size

2.0MB
MD5

1d2bb4357dce4f0aac85db232d5fdb38
SHA1

0c4371d4118ee9a7821c409a1f520a6d6fbd4573
SHA256

e2bc828b7756e7ac1d66e7b386f45e52ee2e1de28729334d05fbd4b39bdc9871
SHA512

c97a6d0bb6729d6b44c061782e5a95267445e6fbf289c494b54757e0b4114629136dcdcf25fa7818250b8038d8307ae39e5ffa955ef47e0778aab6692fd818c8
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPj:SCqm2Jpr0nNM7Dus7Nx2kCqj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1756-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/1756-233-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-GB.pak.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsita.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Extensions\external_extensions.json	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrome.7z.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIntegration.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-changjei.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\7-Zip\Lang\ko.txt.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\mshwLatin.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tabskb.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\7-Zip\Lang\ms.txt.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lv-LV\tipresx.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\en-US.pak.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fil.pak.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\rtscom.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\LICENSE	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\msadc\msadcor.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoCanary.png.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshi.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\System\wab32res.dll	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nl-nl.dll.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	1d2bb4357dce4f0aac85db232d5fdb38.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav\osknavbase.xml	1d2bb4357dce4f0aac85db232d5fdb38.exe

C:\Users\Admin\AppData\Local\Temp\1d2bb4357dce4f0aac85db232d5fdb38.exe
"C:\Users\Admin\AppData\Local\Temp\1d2bb4357dce4f0aac85db232d5fdb38.exe"
1⤵
- Drops file in Program Files directory
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
2.0MB

MD5
bfb5557d56c1454eb82f79dc80d15e92

SHA1
66fb6794c505926179fe130346ea45bb97a9aa60

SHA256
9755c00774cc7728f79435aa06e938c50da6fbc13be0ffce59be3395b80d21f1

SHA512
b82cab4e922d14280a39b7549bcf908efefb458ba68467e8229c619678e664b1d531b0576a94449ae0608a07882b07755add82f91e1d02bf837cb6b557bb1e85

Download Submit
memory/1756-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1756-233-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads