08761303c60736fd17b3088775a6b5b1e46c1803358afb7440276b024ded6b24

Analysis

max time kernel
147s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11f53ca6266c7f39e39ff13e90bf5440.exe
Size

2.8MB
MD5

11f53ca6266c7f39e39ff13e90bf5440
SHA1

60e224d7b695c767bf7451cc3b24d7d02797c601
SHA256

08761303c60736fd17b3088775a6b5b1e46c1803358afb7440276b024ded6b24
SHA512

dc3f937c1f7d00007a3587ce8b0187b83de00c389af7c69b622878348bcb25ec4fa308187e91b01a58f2ddd16bc52edd78cd244f0aaa3e885f5469287c314692
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91s:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0n4

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1084-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227a8-5.dat	upx
behavioral2/memory/1084-384-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\sound.properties	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\content-types.properties	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\oskpred\oskpredbase.xml	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\bin\pack200.exe.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\fxplugins.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jre-1.8\lib\ext\dnsns.jar.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\policy\unlimited\local_policy.jar.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jre-1.8\bin\jp2iexp.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\7-Zip\Lang\ru.txt.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\System\ado\it-IT\msader15.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\include\win32\bridge\AccessBridgeCalls.c.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\xerces.md.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaprsr.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipshrv.xml	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jre-1.8\legal\javafx\public_suffix.md.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ja-jp.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-datetime-l1-1-0.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\mlib_image.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TipTsf.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenUSlm.dat.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-rtlsupport-l1-1-0.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\7-Zip\7zCon.sfx.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pt-PT\tipresx.dll.mui	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Internet Explorer\es-ES\ieinstal.exe.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\oledb32r.dll.mui	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\de-DE\msinfo32.exe.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-CA\tipresx.dll.mui	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\security\blacklisted.certs.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.uk-ua.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.16.xml	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-locale-l1-1-0.dll.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Java\jre-1.8\lib\tzdb.dat.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-tw.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\pl-PL\tipresx.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\es.pak.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\ecc.md	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\MSBuild\Microsoft\Windows Workflow Foundation\v3.5\Workflow.VisualBasic.Targets	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mip.exe.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Internet Explorer\it-IT\ieinstal.exe.mui	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-time-l1-1-0.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\WindowsAccessBridge-64.dll	11f53ca6266c7f39e39ff13e90bf5440.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-MX\tipresx.dll.mui.exe	11f53ca6266c7f39e39ff13e90bf5440.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\colorimaging.md	11f53ca6266c7f39e39ff13e90bf5440.exe

C:\Users\Admin\AppData\Local\Temp\11f53ca6266c7f39e39ff13e90bf5440.exe
"C:\Users\Admin\AppData\Local\Temp\11f53ca6266c7f39e39ff13e90bf5440.exe"
1⤵
- Drops file in Program Files directory
PID:1084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
321KB

MD5
896acdc7206a4b94cbee3b5dc6307dc9

SHA1
954076135ab20647e5eca80ba88062eded846a6e

SHA256
c8fd1f3af920c78f878e91dfd7f66ef289aab33143e4bb99413f9934167cfd78

SHA512
4326e80b6b0b5be11a7f2f0f21f8d6da0fa556b79d7a4c8437d676af5d20929cf909098f551fa4909a52a6a4f21e9115401b6002af5016c86c2902a6927bcbad

Download Submit
memory/1084-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1084-384-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads