c8be4a8896d38cb1f16d8dab3e3f3228f73df7d4c20c6f8cfecf526306f01704

Analysis

max time kernel
159s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 22:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1e9cf03da4fe735ffe7c23da03af7c31.exe
Size

1.8MB
MD5

1e9cf03da4fe735ffe7c23da03af7c31
SHA1

32ae9209cef75ee6963ed56f60ee84d844aae5fd
SHA256

c8be4a8896d38cb1f16d8dab3e3f3228f73df7d4c20c6f8cfecf526306f01704
SHA512

45ef1bbed197ed50c6e60c979753d21e05090f0e3747e2104da7be6f49b4d7634258ea841484f27256a7ca90cb17c9fc01f4cff553180edaa250339f3befc9c1
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH2:SCqm2Jpr0nNM7Dus7Nx2W

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2632-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/2632-236-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\7-Zip\Lang\bn.txt.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsid.xml.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\vi.pak	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskclearui.xml	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_altgr.xml.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabIpsps.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdaps.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipRes.dll.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssve.xml	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\LICENSE	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\7-Zip\Lang\hu.txt.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsfin.xml.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrl.xml.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\7-Zip\Lang\gl.txt.exe	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	1e9cf03da4fe735ffe7c23da03af7c31.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll	1e9cf03da4fe735ffe7c23da03af7c31.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat	1e9cf03da4fe735ffe7c23da03af7c31.exe

C:\Users\Admin\AppData\Local\Temp\1e9cf03da4fe735ffe7c23da03af7c31.exe
"C:\Users\Admin\AppData\Local\Temp\1e9cf03da4fe735ffe7c23da03af7c31.exe"
1⤵
- Drops file in Program Files directory
PID:2632

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
eaa17c5c84bf1450e7486dfa93057e09

SHA1
e5bf3490cc8b5803394aebcdaacaf6f07f93a2b1

SHA256
d6ec36eb3bd0731462fe042b21af54c1b6f20caeb837f8e34de0ad6d30e1ef70

SHA512
923bdec16262851086921b13023e713450637f39a1e73a341dd5bdf095715bbb2ead6ef4b7691d652f3eaa2b82dad2f88e488acbadfb06eba378072bccca154a

Download Submit
memory/2632-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2632-236-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads