Analysis
max time kernel: 4s
max time network: 131s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 03:34
Behavioral task: behavioral1
Sample: 0d1b8fd5222cca1215c68cb461051f45.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: 0d1b8fd5222cca1215c68cb461051f45.exe
Resource: win10v2004-20231215-en
General
Target: 0d1b8fd5222cca1215c68cb461051f45.exe
Size: 1.8MB
MD5: 0d1b8fd5222cca1215c68cb461051f45
SHA1: 84adeab86fa157d1cf2af38e2db3777bcfb472d2
SHA256: b43b12668fa07f55db986f2f026e397be884d2d70f9eb4a6afe82e0c85056c66
SHA512: bfdf39ee75a45e512883a0d66aaa5ba8893382c6d11ca6fe997e2550e584ce1d4eace3544403a7fbf109338d5fe935e6f2045f375f82b375d7427abd2873f4fd
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkH9:SCqm2Jpr0nNM7Dus7Nx2d
Malware Config
Signatures
YARA rule upx matched on the sample file and on three dumps of the main process image (PID 3920, 0x400000-0x5BA000), i.e. the executable is UPX-packed and the packed image stays resident:
resource | yara_rule
behavioral2/memory/3920-0-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral2/files/0x0002000000022897-5.dat | upx
behavioral2/memory/3920-5991-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
behavioral2/memory/3920-13383-0x0000000000400000-0x00000000005BA000-memory.dmp | upx
Drops file in Program Files directory (64 IoCs)
Process for every row: 0d1b8fd5222cca1215c68cb461051f45.exe
Note the recurring pattern in the rows: for an existing file X the sample opens X for modification and creates X.exe beside it (readme.txt and readme.txt.exe, it.txt and it.txt.exe, msvcr120.dll and msvcr120.dll.exe, msinfo32.exe and msinfo32.exe.exe), so a doubled extension ending in .exe under Program Files is the most usable host-side indicator here.
description | ioc
File created | C:\Program Files\7-Zip\7z.dll.exe
File opened for modification | C:\Program Files\7-Zip\Lang\ast.txt
File opened for modification | C:\Program Files\7-Zip\readme.txt
File created | C:\Program Files\Common Files\System\msadc\es-ES\msadcer.dll.mui.exe
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.exe
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.exe
File created | C:\Program Files\7-Zip\Lang\ca.txt.exe
File opened for modification | C:\Program Files\7-Zip\Lang\it.txt
File created | C:\Program Files\7-Zip\Lang\it.txt.exe
File opened for modification | C:\Program Files\7-Zip\Lang\ru.txt
File created | C:\Program Files\7-Zip\Lang\sw.txt.exe
File created | C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc
File opened for modification | C:\Program Files\7-Zip\Lang\kk.txt
File created | C:\Program Files\Common Files\System\ado\msado27.tlb
File opened for modification | C:\Program Files\7-Zip\Lang\af.txt
File created | C:\Program Files\7-Zip\Lang\kk.txt.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert.xml
File opened for modification | C:\Program Files\7-Zip\Lang\fy.txt
File created | C:\Program Files\Common Files\System\wab32.dll
File created | C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.de-de.dll
File created | C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll
File created | C:\Program Files\7-Zip\Lang\ka.txt.exe
File opened for modification | C:\Program Files\7-Zip\Lang\ky.txt
File created | C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe
File created | C:\Program Files\Common Files\System\ado\adovbs.inc.exe
File created | C:\Program Files\Common Files\microsoft shared\MSInfo\ja-JP\msinfo32.exe.mui.exe
File created | C:\Program Files\7-Zip\readme.txt.exe
File created | C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe
File created | C:\Program Files\Common Files\System\ado\msadrh15.dll
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml
File created | C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui
File opened for modification | C:\Program Files\7-Zip\Lang\fur.txt
File created | C:\Program Files\7-Zip\Lang\io.txt.exe
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui
File created | C:\Program Files\Common Files\Services\verisign.bmp.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-pt.dll
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.exe
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.exe
File created | C:\Program Files\7-Zip\Lang\lt.txt.exe
File opened for modification | C:\Program Files\7-Zip\Lang\pl.txt
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\sqlxmlx.rll.mui
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll.exe
File created | C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.exe
File created | C:\Program Files\Common Files\System\Ole DB\it-IT\oledb32r.dll.mui
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.exe
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll
File created | C:\Program Files\7-Zip\Lang\zh-cn.txt.exe
File created | C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll.exe
File created | C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui
File created | C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui
File opened for modification | C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll
File created | C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe
File created | C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui
File created | C:\Program Files\Common Files\microsoft shared\ink\fr-FR\tipresx.dll.mui
File opened for modification | C:\Program Files\CloseComplete.ico
File created | C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.exe
File opened for modification | C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll
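The doubled-extension copies in the IoC list (readme.txt.exe next to readme.txt, msvcr120.dll.exe next to msvcr120.dll, msinfo32.exe.exe) can be turned into a host-side check. The script below is an added example, not part of the sandbox report or its tooling: it parses a constructed subset of the rows above (laid out here as description|path) and pairs every path of the form X.exe with the X it shadows, so the same function can be pointed at a recursive listing of Program Files on a suspect host. The DATA_EXTS whitelist is an assumption chosen here so that legitimate names with a dotted stem (python3.11.exe) are not flagged.

```python
"""Hunt for the '<file>' / '<file>.exe' shadow pattern seen in the sandbox IoCs.

Added example; not part of the sandbox report. SAMPLE_IOCS is a constructed
subset of the report's "Drops file in Program Files directory" rows, in a
'description|path' layout chosen for this script.
"""
from __future__ import annotations

from pathlib import PureWindowsPath
from typing import Iterable, Optional

SAMPLE_IOCS = r"""
File created|C:\Program Files\7-Zip\7z.dll.exe
File opened for modification|C:\Program Files\7-Zip\readme.txt
File created|C:\Program Files\7-Zip\readme.txt.exe
File opened for modification|C:\Program Files\7-Zip\Lang\it.txt
File created|C:\Program Files\7-Zip\Lang\it.txt.exe
File opened for modification|C:\Program Files\7-Zip\Lang\kk.txt
File created|C:\Program Files\7-Zip\Lang\kk.txt.exe
File created|C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll
File created|C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe
File created|C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe.exe
File opened for modification|C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe
File created|C:\Program Files\Common Files\System\ado\msado27.tlb
"""

# Assumption: extensions that are never legitimately followed by a second ".exe".
# Taken from the extensions that appear in the report's IoC rows.
DATA_EXTS = {".txt", ".dll", ".mui", ".inc", ".bmp", ".exe", ".tlb", ".xml", ".ico", ".rll"}


def parse_iocs(text: str) -> list[tuple[str, str]]:
    """Return (description, path) tuples from the description|path rows."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        desc, path = line.split("|", 1)
        rows.append((desc.strip(), path.strip()))
    return rows


def is_doubled_exe(path: str) -> bool:
    """True for readme.txt.exe or msinfo32.exe.exe; False for msinfo32.exe or python3.11.exe."""
    suffixes = [s.lower() for s in PureWindowsPath(path).suffixes]
    return len(suffixes) >= 2 and suffixes[-1] == ".exe" and suffixes[-2] in DATA_EXTS


def shadow_pairs(paths: Iterable[str]) -> dict[str, Optional[str]]:
    """Map each doubled-.exe path to the original it shadows.

    The value is None when the original is absent from the listing; on a live
    host that still deserves a look, since the listing may be incomplete.
    """
    paths = list(paths)
    known = {p.lower(): p for p in paths}          # case-insensitive, like NTFS
    result: dict[str, Optional[str]] = {}
    for p in paths:
        if is_doubled_exe(p):
            result[p] = known.get(p[:-len(".exe")].lower())
    return result


def hunt(text: str = SAMPLE_IOCS) -> dict[str, Optional[str]]:
    """Run the shadow check over a report excerpt in description|path form."""
    return shadow_pairs(path for _, path in parse_iocs(text))


if __name__ == "__main__":
    for shadow, original in hunt().items():
        print(f"{shadow}  <-  {original or '(original not in report)'}")
```

On a live host, feed shadow_pairs() the paths from a recursive listing of C:\Program Files instead of the report rows; the report only records operations the sandbox observed, so a shadow whose original is reported as None may well sit next to an untouched original on disk.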
Downloads
Filesize: 832KB
MD5: 4b81023b68ebdf632cc128a956ac9825
SHA1: 066f67d6521336a11b97af46a38938a4542df889
SHA256: da01c476f12c197baa397ded963823c99514a9b8bbf556f890c8d41d9f9e4ae2
SHA512: 56570ce0f8af86c1f1a669cda1e6d8edfad023c2798dee00081ba8381d1d6efa0b1d931943620d494586f87ad052577999e1f043aa548fb60df12054830c05c9