cc5c3c3fb8d54209073de960096951228e9027fd3d5ce853901d784a7aee20f1

Analysis

max time kernel
6s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 04:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0dc8fbf7b992724206e90a39eb8853af.exe
Size

2.8MB
MD5

0dc8fbf7b992724206e90a39eb8853af
SHA1

996ad416f83e09c376d15b0ef2ee0e2c16a85f40
SHA256

cc5c3c3fb8d54209073de960096951228e9027fd3d5ce853901d784a7aee20f1
SHA512

d098cf217fe2742891559fcdd836a65b85800be44b1aa613e34cfd8ab9c7d34d48cd66668ce3b4df31c14e1771477ec7ce09b3eb2576ff5375afd7572a8959a8
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91W:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0ni

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/5104-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/5104-3347-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/5104-8686-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\el-GR\tipresx.dll.mui.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\vccorlib140.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-utility-l1-1-0.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RUI.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\cpprestsdk.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\da-DK\tipresx.dll.mui.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\da.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkObj.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\Microsoft.Ink.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\msadc\msdaremr.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\nb.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\ShapeCollector.exe.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\ado\msadox28.tlb.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprst.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fr-fr.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia90.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipTsf.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\rtscom.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tipresx.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\es.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\ado\msado26.tlb.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R32.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\et.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InputPersonalization.exe.mui	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\7zFM.exe.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	0dc8fbf7b992724206e90a39eb8853af.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	0dc8fbf7b992724206e90a39eb8853af.exe
File created	C:\Program Files\7-Zip\Lang\si.txt.exe	0dc8fbf7b992724206e90a39eb8853af.exe

C:\Users\Admin\AppData\Local\Temp\0dc8fbf7b992724206e90a39eb8853af.exe
"C:\Users\Admin\AppData\Local\Temp\0dc8fbf7b992724206e90a39eb8853af.exe"
1⤵
- Drops file in Program Files directory
PID:5104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
92KB

MD5
9b140d12ed22f2930519badf9ff7a9bc

SHA1
677be169e0a5ac0e0f2dfc23d104996bfeb47dda

SHA256
f331b17b00e34942eeafc2cfea065622dc3509efa87723ec8f845d6a8a1989ca

SHA512
fa6f1c2805033d7215efb758db91dacab8d666d106b37e91384b06412db52f84857a4b9c68fdfb62534ddab2c4e9c693d09ede0f415d03c3b6b2833cdeb3bda5

Download Submit
memory/5104-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5104-3347-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/5104-8686-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads