2986c7e6139464132dc0b843aaf4a73aad37c2fb14df59ff3d6b27e5576bdaa1

Analysis

max time kernel
3s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

131e432be2ecd2f10e63442a92aaabfa.exe
Size

1.8MB
MD5

131e432be2ecd2f10e63442a92aaabfa
SHA1

210785d577be66e8e7ff96b6036b4dfd3f8dab0e
SHA256

2986c7e6139464132dc0b843aaf4a73aad37c2fb14df59ff3d6b27e5576bdaa1
SHA512

d054c899df65bc69a363f88e7d6dbf23d97d5920ca76c17b5bfff42918713c71b831fdd5407ad38083c2fcc928738085ba02f535229203cf475142e3c234f38c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqz:SCqm2Jpr0nNM7Dus7NxC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1936-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1936-2151-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1936-9212-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	131e432be2ecd2f10e63442a92aaabfa.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\fi.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Psychedelic.jpg.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\rtscom.dll.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\sv.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ConvertInkStore.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\tipresx.dll.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\en-US\MSTTSLoc.dll.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\mip.exe.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\FlickLearningWizard.exe.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\uk-UA\tipresx.dll.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\hr.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Genko_1.emf.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipRes.dll.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\7-zip.dll.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsfin.xml	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\sk-SK\tipresx.dll.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tipresx.dll	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\VSTOInstaller.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\split.avi.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrfrash.dat.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\tr-TR\tipresx.dll.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\rtscom.dll	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\mr.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\FlickLearningWizard.exe.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\auxpad\auxbase.xml	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\boxed-split.avi.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\it-IT\ShapeCollector.exe.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\readme.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\FlickLearningWizard.exe.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsplk.xml	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\th-TH\tipresx.dll.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\tipresx.dll.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\InputPersonalization.exe.mui.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\it.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\FlickLearningWizard.exe.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.jpg	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\IPSEventLogMsg.dll.mui	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\co.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\en.ttt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\7-Zip\Lang\lij.txt.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipscsy.xml.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwjpnr.dll.exe	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	131e432be2ecd2f10e63442a92aaabfa.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	131e432be2ecd2f10e63442a92aaabfa.exe

C:\Users\Admin\AppData\Local\Temp\131e432be2ecd2f10e63442a92aaabfa.exe
"C:\Users\Admin\AppData\Local\Temp\131e432be2ecd2f10e63442a92aaabfa.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1936-2151-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1936-9212-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads