f4936df71d7e4775986f3cef7bf3adee518162762055f534a3dc43fc5691cd59

Analysis

max time kernel
3s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

120357cfc3b4eefd04c62c57d6f5fd48.exe
Size

1.8MB
MD5

120357cfc3b4eefd04c62c57d6f5fd48
SHA1

a474a6c26daa3b6aa28eb7ada7c537cc1a123cd4
SHA256

f4936df71d7e4775986f3cef7bf3adee518162762055f534a3dc43fc5691cd59
SHA512

3cce1828c7475905b6312bd41663e52206b0a683da069aa619b73698222948777a2dc795ca5d7a856e1841397bcd4c9077c7f6e6ed84ffbdcfe4de9f16d2a92f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxq2:SCqm2Jpr0nNM7Dus7NxD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2396-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x00090000000143ec-5.dat	upx
behavioral1/memory/2396-3116-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2396-9210-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	120357cfc3b4eefd04c62c57d6f5fd48.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png	120357cfc3b4eefd04c62c57d6f5fd48.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPOBJS.DLL.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\he-IL\tipresx.dll.mui.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\ShapeCollector.exe.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\mip.exe.mui.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msaddsr.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Small_News.jpg	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\grid_(cm).wmf.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\et-EE\tipresx.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\rtscom.dll.mui.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png	120357cfc3b4eefd04c62c57d6f5fd48.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\msadc\msadcfr.dll.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee100.tlb.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Services\verisign.bmp	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msaddsr.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaremr.dll.mui.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png	120357cfc3b4eefd04c62c57d6f5fd48.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\join.avi	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsesp.xml	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png	120357cfc3b4eefd04c62c57d6f5fd48.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\ShadesOfBlue.jpg.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\tabskb.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\System\ado\msado27.tlb.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Pipeline.dll.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui	120357cfc3b4eefd04c62c57d6f5fd48.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\micaut.dll.mui.exe	120357cfc3b4eefd04c62c57d6f5fd48.exe

C:\Users\Admin\AppData\Local\Temp\120357cfc3b4eefd04c62c57d6f5fd48.exe
"C:\Users\Admin\AppData\Local\Temp\120357cfc3b4eefd04c62c57d6f5fd48.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2396

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
382KB

MD5
ef93aa14cf71e8c2b47b3c8422af3ffc

SHA1
d18b8ea4d42c1136cb0960a333afe8834979470f

SHA256
f58fc49f3733f7550f37373ee0bb62e24d1d7e67e682d71d296654e297481b80

SHA512
0df1617b0483ac76a78baa32420b5a5f793fa6c00ac1079fce4c24c8ab66c87aad0a422c9a9cd1935c311e7f0cefd552dc5e9e81e0b27a6b056aeb644c166220

Download Submit
memory/2396-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2396-3116-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2396-9210-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads