c4250c58a22fadafc0e6ed39a898e0a54ab0516474bb6df9bb8125000a567ace

Analysis

max time kernel
164s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 05:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f85505aab404b6d377161f6d8f6ee58.exe
Size

1.8MB
MD5

0f85505aab404b6d377161f6d8f6ee58
SHA1

bab3ab4b5389cb67510abf5e3f8346a9019d4ac2
SHA256

c4250c58a22fadafc0e6ed39a898e0a54ab0516474bb6df9bb8125000a567ace
SHA512

4830c0c38fd2b5fc19e20b87c736acdd7103f76057ed37470306f438e0ae0c9c006ee8d2317d246fca6e20bcf2458e0db3aa65b08426a553f37ae54180c20a2c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHl:SCqm2Jpr0nNM7Dus7Nx2F

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3772-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/3772-167-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsPlugin.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Internet Explorer\ExtExport.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Internet Explorer\en-US\ieinstal.exe.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pt-br.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsptb.xml.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\preloaded_data.pb.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\7-Zip\Lang\tt.txt.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\wab32.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VC\msdia100.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fi-FI\tipresx.dll.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\uk-UA\tipresx.dll.mui	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqlxmlx.rll.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\resources.pak	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ru.pak.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\7-Zip\Lang\el.txt.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\baseAltGr_rtl.xml.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\rtscom.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\sk-SK\tipresx.dll.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoDev.png	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-timezone-l1-1-0.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\7-Zip\Lang\ka.txt.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ro-ro.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TabTip.exe.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\cs.pak.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Internet Explorer\ja-JP\iexplore.exe.mui	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\7-Zip\Lang\ne.txt.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-console-l1-1-0.dll.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbvbs.inc.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe.exe	0f85505aab404b6d377161f6d8f6ee58.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\micaut.dll.mui.exe	0f85505aab404b6d377161f6d8f6ee58.exe

C:\Users\Admin\AppData\Local\Temp\0f85505aab404b6d377161f6d8f6ee58.exe
"C:\Users\Admin\AppData\Local\Temp\0f85505aab404b6d377161f6d8f6ee58.exe"
1⤵
- Drops file in Program Files directory
PID:3772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
ddd54c89c45dc53b4aeffdcc53fcad48

SHA1
9db88bbfca0575a05b53a82c278e4de5c578ba84

SHA256
11ae787527288b07e868b78971520b0f6c6589e2d81f412b57017fb163f47d4c

SHA512
bc45f471ca504910d6545e7af0dc633b31ae66d4aa7a4c9c9f755537179e62c5b61d7f13e1a825b77d9e6475e974b5d557a4c11d2d3a55d40d51263905924fe8

Download Submit
memory/3772-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3772-167-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads