4ec4ff1ad6daae7da97c60583c8252a8d590aa61b4362d57ed3cbaea45e764ea

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a82c8f0adfab96562be322c7f73d208.exe
Size

1.8MB
MD5

0a82c8f0adfab96562be322c7f73d208
SHA1

5dd78571e0e28b0c7596d0d28f44da8c7c173c30
SHA256

4ec4ff1ad6daae7da97c60583c8252a8d590aa61b4362d57ed3cbaea45e764ea
SHA512

1449b31d264193b49f7c265b21e49aed57554c571939f93c815ea675f50fa1d81a200f6d3a0168018c1195b4941e012f4cde4afd26239893dbad7e9bcd464fa1
SSDEEP

24576:N6pQPxQ2JyP2r5mJV91xM7RpbwgIvQ7NxqWLCvR:NCqm2Jpr0nNM7DuQ7NxoJ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2264-0-0x0000000000400000-0x00000000005BB000-memory.dmp	upx
behavioral2/files/0x00020000000228ae-5.dat	upx
behavioral2/memory/2264-3451-0x0000000000400000-0x00000000005BB000-memory.dmp	upx
behavioral2/memory/2264-13415-0x0000000000400000-0x00000000005BB000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\desktop.ini	0a82c8f0adfab96562be322c7f73d208.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\orb.idl	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial4-ppd.xrm-ms.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\Microsoft.Excel.Amo.dll	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\diff_match_patch_uwp.dll	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteWideTile.scale-200.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchLargeTile.contrast-white_scale-200.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jfxwebkit.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_sv.properties.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Microsoft Office\root\Office16\1033\ONGuide.onepkg.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\DUBAI-REGULAR.TTF	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\AppxManifest.xml	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.XboxApp_48.49.31001.0_neutral_split.scale-200_8wekyb3d8bbwe\AppxBlockMap.xml	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.17.29001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubWideTile.scale-200.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\tr\ReachFramework.resources.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\BadgeLogo.scale-400.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationUI.resources.dll	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-crt-stdio-l1-1-0.dll	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\_Resources\22.rsrc.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\UIAutomationProvider.resources.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\SmallTile.scale-400_contrast-white.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\sunpkcs11.jar.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\Logo.scale-100_contrast-black.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\PhotosApp\Assets\ThirdPartyNotices\ThirdPartyNotices.html.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-100_contrast-white.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Globalization.dll	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Sort\TAG.XSL.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\rsod\office.x-none.msi.16.x-none.boot.tree.dat	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Microsoft Office\root\vreg\dcfmui.msi.16.en-us.vreg.dat.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageSplashScreen.scale-400.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_kor.xml.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-30_altform-unplated_contrast-white.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square310x310Logo.scale-125.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\webviewCore.min.js	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-64_altform-unplated_contrast-white.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\OutlookMailSmallTile.scale-100.png	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Document Themes 16\Office Theme.thmx	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-white\MixedRealityPortalAppList.targetsize-24_altform-unplated_contrast-white.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-40_altform-unplated.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\ScreenSketchSplashScreen.scale-125_contrast-white.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Microsoft Office\root\Client\AppvIsvSubsystems32.dll.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\OutlookR_Grace-ul-oob.xrm-ms	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\PPINTL.DLL	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\as80.xsl.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\SmallTile.scale-100.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsAppList.targetsize-24.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\jsaddins\onenote-winrt-16.00.js	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Console.dll	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\UIAutomationProvider.resources.dll	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\MSOIDCLIL.DLL	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\Mozilla Firefox\api-ms-win-crt-math-l1-1-0.dll	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-54_altform-unplated.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\RTL\contrast-white\WideTile.scale-100.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarAppList.targetsize-20.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\onboarding\contacts_permission_android.gif	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-48.png.exe	0a82c8f0adfab96562be322c7f73d208.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Security.SecureString.dll	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageAppList.targetsize-256_altform-unplated.png	0a82c8f0adfab96562be322c7f73d208.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\BadgeLogo.scale-125_contrast-white.png	0a82c8f0adfab96562be322c7f73d208.exe

C:\Users\Admin\AppData\Local\Temp\0a82c8f0adfab96562be322c7f73d208.exe
"C:\Users\Admin\AppData\Local\Temp\0a82c8f0adfab96562be322c7f73d208.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2264

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
128KB

MD5
6701db9a2643d01ed937ff224d5bc03b

SHA1
083cea408487efed8027e99c2b2fe89ecff27fb6

SHA256
3d43a874d7ed543b0d0487aa5c7848058eb780b3f06fed6da7cac2670443d8b9

SHA512
e0a0a4d37a4e802205f298016aecc29c5987baedea541554e297a639fe7a1bd12873b4cccfe35b966f1f32e96da6599452f3c863d60fdbe36504879bb95bb16d

Download Submit
memory/2264-0-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2264-3451-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2264-13415-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads