afc2ea8fc49e9450f881bc978c443e4e66e9cad9e3caf483f649a8d0d9943ece

Analysis

max time kernel
152s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0d66afcd1a2470404c23313d20b1b215.exe
Size

1.8MB
MD5

0d66afcd1a2470404c23313d20b1b215
SHA1

44702ce7a3e71a05c47780c34d1d5c0e45ce4211
SHA256

afc2ea8fc49e9450f881bc978c443e4e66e9cad9e3caf483f649a8d0d9943ece
SHA512

515ac4dff0e4842a3f647b3cc087420593b6c164018f76bfee8a0e500685cb5eee3aba90bb0de810ad5030a79c7f938d367b0a0a5d128914d52cb5a4805cc80f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqd:SCqm2Jpr0nNM7Dus7Nxg

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4500-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/4500-263-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\7-Zip\descript.ion.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.en-us.dll.exe	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\InputPersonalization.exe.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-phonetic.xml	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\bn.pak	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sk.pak.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.exe	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_100_percent.pak	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\ApproveCompress.zip	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsesp.xml.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\insert\insertbase.xml.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\CheckpointOptimize.easmx.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msadcer.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hi.pak.exe	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msaddsr.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msaddsr.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ru-ru.dll	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-synch-l1-2-0.dll	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\ado\msadox.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsrom.xml	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\id.pak.exe	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\msdasqlr.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ur.pak	0d66afcd1a2470404c23313d20b1b215.exe
File opened for modification	C:\Program Files\AddGrant.xml	0d66afcd1a2470404c23313d20b1b215.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	0d66afcd1a2470404c23313d20b1b215.exe

C:\Users\Admin\AppData\Local\Temp\0d66afcd1a2470404c23313d20b1b215.exe
"C:\Users\Admin\AppData\Local\Temp\0d66afcd1a2470404c23313d20b1b215.exe"
1⤵
- Drops file in Program Files directory
PID:4500

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
99f9d8208b060c483b4983c5b433b3ee

SHA1
9e31123b2b26941a585a6213e420e96c01551d6a

SHA256
2e3c628dbbfd0b0b0c2ab8911944e5d012e9db5b0f9d2f754dbba03a8f148d4e

SHA512
2d62d77848041527306f21651aa009d20d2458b3ee84d532c95b4de45306dc5f65885947b268b03cba5bccf922a826f5102692f924ee5630e798b70373c15df3

Download Submit
memory/4500-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4500-263-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads