a2abad819e1b9437dc00d74dbacbd07f9c11b950e5b7b82d913e608fb155ba91

Analysis

max time kernel
4s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 00:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

08a6194070b3efee94d9413f1259f286.exe
Size

1.8MB
MD5

08a6194070b3efee94d9413f1259f286
SHA1

b3434943e76c69cf5e664d12bced43fb590eefdf
SHA256

a2abad819e1b9437dc00d74dbacbd07f9c11b950e5b7b82d913e608fb155ba91
SHA512

77d8fe3a54f223b85299ee9ec913a896d1995f8462f0a01bb845d9b85aa278341b4a9b1dba17269176bee674ee852bcc073c562259271fc2bf03349a7bc9af62
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqU:SCqm2Jpr0nNM7Dus7NxR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4884-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228a0-5.dat	upx
behavioral2/memory/4884-5197-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4884-13415-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\ext.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\SharedPerformance.man.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TipTsf.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-timezone-l1-1-0.dll.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\concrt140.dll	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\ku.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqlxmlx.rll.mui.exe	08a6194070b3efee94d9413f1259f286.exe
File created	C:\Program Files\7-Zip\Lang\ba.txt.exe	08a6194070b3efee94d9413f1259f286.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll	08a6194070b3efee94d9413f1259f286.exe

C:\Users\Admin\AppData\Local\Temp\08a6194070b3efee94d9413f1259f286.exe
"C:\Users\Admin\AppData\Local\Temp\08a6194070b3efee94d9413f1259f286.exe"
1⤵
- Drops file in Program Files directory
PID:4884

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.1MB

MD5
e720ee10b28c6c7e013c712715b67dde

SHA1
bd35e4e4ebab6b2267a6a2f5d960cd70c35ee720

SHA256
ef42f9ece054b0463c9138dc00cc47d73a87e06db998cb9ead2c08f74725e62d

SHA512
dc34e63115a04308c24424d04296f4bb53c43fc3e6d74e1bf76f44ea86398aafef01d40828baf54dd20ce23909b5c75ec173c9c3714d418dfa4bf8e9643eaa11

Download Submit
memory/4884-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4884-5197-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4884-13415-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads