8445a712f7de5a37ba2b8f6eb9cdae9872c9b19ff7fbabc0631dfb8691e33455

Analysis

max time kernel
160s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11bc89b79decad08014a13cc09461224.exe
Size

1.8MB
MD5

11bc89b79decad08014a13cc09461224
SHA1

9cd39869f13aadbb3fb3a21bfdcad95885d30bd4
SHA256

8445a712f7de5a37ba2b8f6eb9cdae9872c9b19ff7fbabc0631dfb8691e33455
SHA512

95308cc850f2d9172386bd5fb45fbce87c38b6b4db1144d31e0b27d306044946d62b3de51797d11bcd2cb489cf70699a6ceeaf3a3cf535e65df79c67a91933ab
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqtk:SCqm2Jpr0nNM7Dus7Nx7

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3440-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/3440-252-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\messages_it.properties.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\TipRes.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ko-KR\tipresx.dll.mui.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ro-RO\tipresx.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-util-l1-1-0.dll.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-string-l1-1-0.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\glass.dll.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\javafx.properties	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipsdan.xml.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\server\jvm.dll	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\net.properties	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\j2pcsc.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\7-Zip\Lang\vi.txt.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\et-EE\tipresx.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_rtl.xml.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipskor.xml	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\lt-LT\tipresx.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\it-IT\rtscom.dll.mui	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\nio.dll	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\deployment.config	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jre-1.8\bin\awt.dll.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOLoader.dll.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\images\cursors\win32_MoveDrop32x32.gif	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\lib\sa-jdi.jar	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-processenvironment-l1-1-0.dll.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaremr.dll.mui.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.cs-cz.dll.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\bin\javac.exe.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\gstreamer.md.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOMessageProvider.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipTsf.dll.mui	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\bci.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\zh-CN\tipresx.dll.mui	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\manifest.json	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\jfr.jar	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\hu.pak.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\rtscom.dll.mui.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2iexp.dll	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\prism_d3d.dll	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	11bc89b79decad08014a13cc09461224.exe
File created	C:\Program Files\7-Zip\Lang\ja.txt.exe	11bc89b79decad08014a13cc09461224.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-math-l1-1-0.dll	11bc89b79decad08014a13cc09461224.exe

C:\Users\Admin\AppData\Local\Temp\11bc89b79decad08014a13cc09461224.exe
"C:\Users\Admin\AppData\Local\Temp\11bc89b79decad08014a13cc09461224.exe"
1⤵
- Drops file in Program Files directory
PID:3440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
7061f6592c2ffcd1e37f9be3298c9cdb

SHA1
bfa53adbeb7f06226510c904a7f34251c75c94ee

SHA256
6639ad618ce4e748898b31d948d7bf225a046d56c67b6860f7c0c5360ce88b76

SHA512
1b90e116697c0def14b7b2de32244ca52c12335d8e31321a0de2d05f8b4597d57744ac8a202f8b9ec2df2de9595bfad4668e9c213e5e3aadf84504cc8dc1b2d2

Download Submit
memory/3440-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3440-252-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads