44208ca2be6f5a4c21c35c870f5eb4d9f87c426b1356e7bfa1790fabb6b92c4d

Analysis

max time kernel
4s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08dbd6298489020137e63e91357cc689.exe
Size

1.8MB
MD5

08dbd6298489020137e63e91357cc689
SHA1

bf2ae92354a3777c3042ab23cff16a373e483be1
SHA256

44208ca2be6f5a4c21c35c870f5eb4d9f87c426b1356e7bfa1790fabb6b92c4d
SHA512

26b76389ac3cf5db319577525858e786cb724836e2eaeafa8b698a4da0634744f88b642d120b720cd56c878ac1780759949895c252bfb780adfa3b6fcef8e4e4
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqi:SCqm2Jpr0nNM7Dus7NxH

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4672-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4672-6029-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4672-13417-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.nb-no.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\ado\msadomd28.tlb.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\ado\de-DE\msader15.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\7-zip.chm.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-locale-l1-1-0.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVCatalog.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msix.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ucrtbase.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\CloseLimit.MTS	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lv-lv.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.es-es.dll.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InkObj.dll.mui.exe	08dbd6298489020137e63e91357cc689.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.exe	08dbd6298489020137e63e91357cc689.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	08dbd6298489020137e63e91357cc689.exe

C:\Users\Admin\AppData\Local\Temp\08dbd6298489020137e63e91357cc689.exe
"C:\Users\Admin\AppData\Local\Temp\08dbd6298489020137e63e91357cc689.exe"
1⤵
- Drops file in Program Files directory
PID:4672

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4672-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4672-6029-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4672-13417-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads