4ec4ff1ad6daae7da97c60583c8252a8d590aa61b4362d57ed3cbaea45e764ea

Analysis

max time kernel
126s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a82c8f0adfab96562be322c7f73d208.exe
Size

1.8MB
MD5

0a82c8f0adfab96562be322c7f73d208
SHA1

5dd78571e0e28b0c7596d0d28f44da8c7c173c30
SHA256

4ec4ff1ad6daae7da97c60583c8252a8d590aa61b4362d57ed3cbaea45e764ea
SHA512

1449b31d264193b49f7c265b21e49aed57554c571939f93c815ea675f50fa1d81a200f6d3a0168018c1195b4941e012f4cde4afd26239893dbad7e9bcd464fa1
SSDEEP

24576:N6pQPxQ2JyP2r5mJV91xM7RpbwgIvQ7NxqWLCvR:NCqm2Jpr0nNM7DuQ7NxoJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2228-0-0x0000000000400000-0x00000000005BB000-memory.dmp	upx
behavioral1/files/0x0007000000015c75-5.dat	upx
behavioral1/memory/2228-668-0x0000000000400000-0x00000000005BB000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	0a82c8f0adfab96562be322c7f73d208.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jstatd.exe.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.jpg.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tabskb.dll.mui.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\localedata.jar.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\libxml2.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mshwLatin.dll.mui	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\j2pcsc.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\kcms.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_ja.properties.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Santo_Domingo	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Manaus.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcfr.dll.mui	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\rtstreamsink.ax	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jni_md.h	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jli.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Internet Explorer\MemoryAnalyzer.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrenclm.dat.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ta.pak.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\msvcr100.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.bat.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_cs.jar.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\System\it-IT\wab32res.dll.mui	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\LogoDev.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jarsigner.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\NetworkServerControl	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\pack200.exe.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\nb-NO\tipresx.dll.mui.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DissolveAnother.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jvisualvm.exe.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Guayaquil	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Metlakatla.exe	0a82c8f0adfab96562be322c7f73d208.exe

C:\Users\Admin\AppData\Local\Temp\0a82c8f0adfab96562be322c7f73d208.exe
"C:\Users\Admin\AppData\Local\Temp\0a82c8f0adfab96562be322c7f73d208.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
3705f2e56822903356b9b14de4cd47d8

SHA1
ea75cf7104c589d361fc8b5113a1770f1b51756b

SHA256
5428d3b331abc53bab22bd02a8ed4cb866f95938ad078b50137e7bd4200d7e2b

SHA512
a9fe56f090c34cde6403e866463db6ebb7e9a93d7a89fdb6836050ef58ae8b919ea628b1eb9edfa01bb4eab9f5e9ec1c8db99dfd9e461744811183ad8981d667

Download Submit
memory/2228-0-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2228-668-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads