36b307d9858569a2e761607321549f0dca4bee143c7e7c8bb9ff5a9ff61917a7

Analysis

max time kernel
144s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 23:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

208f1093125540a6107d218bd03fa3e1.exe
Size

1.8MB
MD5

208f1093125540a6107d218bd03fa3e1
SHA1

a03578bd51e9c2df7f190b39ff673002b85d61f4
SHA256

36b307d9858569a2e761607321549f0dca4bee143c7e7c8bb9ff5a9ff61917a7
SHA512

469d37d8bd4365ed75fbf97dc7b09a44621ea78e4fee7056b5dcb17dbacceaee47a8d85e791d85f0d48e88cf9df7a0a01bf55af4194bbcb2b8093a87bfad0f1c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHR:SCqm2Jpr0nNM7Dus7Nx2x

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2908-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/2908-544-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_zh_TW.properties	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Microsoft Office\root\Client\vcruntime140.dll.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_OEM_Perp3-ul-oob.xrm-ms	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\OSPP.HTM	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\lib\plugin.jar.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-math-l1-1-0.dll.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\include\jvmticmlr.h.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\verify.dll.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\fontmanager.dll	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscat.xml.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-pl.xrm-ms.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\MondoR_SubTest-pl.xrm-ms.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jsoundds.dll	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\santuario.md	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\7-Zip\Lang\nn.txt.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\System\msadc\msaddsr.dll	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\lib\images\cursors\cursors.properties.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\MondoVL_KMS_Client-ul.xrm-ms	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_SubTest4-ppd.xrm-ms	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunec.jar	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\legal\jdk\asm.md.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Colors\Red Violet.xml.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessPipcR_Grace-ppd.xrm-ms	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOLoaderUI.dll	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\bin\javafx_font.dll.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Gallery.thmx	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\lib\jce.jar.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\policy\limited\US_export_policy.jar.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.Targets	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Microsoft Office\root\Integration\C2RManifest.PowerPoint.PowerPoint.x-none.msi.16.x-none.xml.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\access-bridge-64.jar.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremDemoR_BypassTrial365-ppd.xrm-ms	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hr.pak	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sw.pak.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\7-Zip\Lang\hi.txt.exe	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\JavaAccessBridge-64.dll	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365BusinessR_SubTrial-pl.xrm-ms	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\legal\javafx\libxml2.md.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\7-Zip\Lang\lv.txt.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipRes.dll.mui	208f1093125540a6107d218bd03fa3e1.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	208f1093125540a6107d218bd03fa3e1.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.exe	208f1093125540a6107d218bd03fa3e1.exe

C:\Users\Admin\AppData\Local\Temp\208f1093125540a6107d218bd03fa3e1.exe
"C:\Users\Admin\AppData\Local\Temp\208f1093125540a6107d218bd03fa3e1.exe"
1⤵
- Drops file in Program Files directory
PID:2908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
397KB

MD5
e7656fee3ccbd1e419c40534f942d2b5

SHA1
28bffbc6a715babf4fc6eb45203ad5167e3d8f9d

SHA256
ec2ed7b1d8aefcf9e275a7a4488a1df7734d04de96d474ab21bcf9c096ff8942

SHA512
ae95d8b440fba3f450141d0012418c0de3dc6179eb834693a46bb02b4462e692c894c5dea734b2d7a1310af730375aa1ce53d2455fcc57a598659e81d91188de

Download Submit
memory/2908-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2908-544-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads