793943e1de29fee53fa12317afeaf7e82a87f64777e17bfec19f03df487b78c3

Analysis

max time kernel
68s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dcf387e594d9d161c18a02daf82926d.exe
Size

1.8MB
MD5

0dcf387e594d9d161c18a02daf82926d
SHA1

60ac9326d6600405a24b0b03bac8c7435ba98f1f
SHA256

793943e1de29fee53fa12317afeaf7e82a87f64777e17bfec19f03df487b78c3
SHA512

278806ecb705ed56d6e668f3786ca91368e69be4ef8d6f4a2bdfbdfb523ff526b65d40e75d768708568503a7e4dedf9716b4f6771d07e0ddca78be16e2c68bbb
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHb:SCqm2Jpr0nNM7Dus7Nx27

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4984-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022849-5.dat	upx
behavioral2/memory/4984-987-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_ja.properties	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsar.xml.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-BR\tipresx.dll.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\7-Zip\Lang\pa-in.txt.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-processthreads-l1-1-1.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Internet Explorer\sqmapi.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-file-l2-1-0.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\ko-kr.xml.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\THIRDPARTYLICENSEREADME-JAVAFX.txt	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\mip.exe.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\ea.xml	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tipresx.dll.mui	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140.dll	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\[email protected]	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\tr.pak.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\ssv.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-filesystem-l1-1-0.dll	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\DismountJoin.wdp.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\EditCompress.txt	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-memory-l1-1-0.dll	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdeu.xml	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\7-Zip\Lang\af.txt.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tipskins.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-private-l1-1-0.dll	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\icu_web.md	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\GetRename.xls.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Internet Explorer\fr-FR\ieinstal.exe.mui	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\zh-TW.pak	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\InvokeExit.pub	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgePackages.h	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\106.0.5249.119.manifest.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknumpad\osknumpadbase.xml.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.exe	0dcf387e594d9d161c18a02daf82926d.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\ext\sunpkcs11.jar.exe	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll	0dcf387e594d9d161c18a02daf82926d.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_CopyNoDrop32x32.gif	0dcf387e594d9d161c18a02daf82926d.exe

C:\Users\Admin\AppData\Local\Temp\0dcf387e594d9d161c18a02daf82926d.exe
"C:\Users\Admin\AppData\Local\Temp\0dcf387e594d9d161c18a02daf82926d.exe"
1⤵
- Drops file in Program Files directory
PID:4984

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
3KB

MD5
3fdebc132778b6eae99fae820fb4e992

SHA1
955b873088f37e56f8ae9b226be5da523676a800

SHA256
992942c9cf6c06d6adf86e52522c92c3423f30345b637e745dd647a6f2fe75f0

SHA512
809dcb6acb3ad43c94fb6840b9d3bb971512f48f8fe61c4cd7eaf472a3b69b6c0cd1f69756b04211b47691177831660145223f9ba281d730db7de2d5caa265ed

Download Submit
memory/4984-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4984-987-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads