0d566b9a2bdaf2e1a7be8781e54d6017d85a077ed02342fae64c4b6f21674f1c

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13c373f1df4191f221cc323f9a186fd1.exe
Size

2.8MB
MD5

13c373f1df4191f221cc323f9a186fd1
SHA1

8bf8f406cddb60884449fbfc2d7ace1715aca92e
SHA256

0d566b9a2bdaf2e1a7be8781e54d6017d85a077ed02342fae64c4b6f21674f1c
SHA512

67379872a6d7a96b25c59faca3762dd2bbb496259e49c759974fac9c9a5fedbd2c7b52ba6ffdecb7b595e465a513ab804f237932646fa4d30568a4c5d106ae3e
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV919:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nR

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1652-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0030000000014721-5.dat	upx
behavioral1/memory/1652-2080-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/1652-8321-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\desktop.ini	13c373f1df4191f221cc323f9a186fd1.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libvpx_plugin.dll	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Peacock.htm.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Bougainville	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-uihandler.xml	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Europe\Simferopol	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libswscale_plugin.dll	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\wsgen.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\feature.properties	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\base-undocked-2.png	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.garbagecollector.nl_zh_4.4.0.v20140623020002.jar	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-core-kit.xml.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\El_Aaiun.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ust-Nera.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MET.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Kuala_Lumpur	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\1033\BHOINTL.DLL	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationProvider.resources.dll	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\7-Zip\Lang\va.txt.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Dili	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\modern_s.png.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\ECLIPSE_.SF	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface.text.nl_ja_4.4.0.v20140623020002.jar	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jre7\bin\glib-lite.dll.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Sitka	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\bPrev.png	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\0.png.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.policy	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\YST9YDT	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-templates.xml.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jre7\bin\plugin2\msvcr100.dll.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sl.pak.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\sr.pak	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser_5.5.0.165303.jar.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\cmm\sRGB.pf	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Casablanca	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Phoenix.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\North_Dakota\Beulah	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-options-api_zh_CN.jar.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-threaddump.xml	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\security\US_export_policy.jar	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Jerusalem	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Internet Explorer\en-US\F12Resources.dll.mui	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\COPYRIGHT.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libripple_plugin.dll.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ulaanbaatar.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\es\System.RunTime.Serialization.Resources.dll.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Star_Half.png.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe.exe	13c373f1df4191f221cc323f9a186fd1.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Anchorage.exe	13c373f1df4191f221cc323f9a186fd1.exe
File opened for modification	C:\Program Files\Java\jre7\bin\w2k_lsa_auth.dll	13c373f1df4191f221cc323f9a186fd1.exe

C:\Users\Admin\AppData\Local\Temp\13c373f1df4191f221cc323f9a186fd1.exe
"C:\Users\Admin\AppData\Local\Temp\13c373f1df4191f221cc323f9a186fd1.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
550KB

MD5
c93b43a80e27221acc7cbe676617519a

SHA1
2cb5eebd3cf8d15cf9a9b96eca1d041580fb4598

SHA256
5add52d17ae9a1c901a95f94d57b5602b93758ade7115a64c27757e3aa0661ea

SHA512
6f5bbf8a19379fe39ec2019ac1ea340c52b7016eb9892071ddae65b711cf7e86cef040d3f442215d048d2cc05a4f42ddae0e862d0c022cd99dac39e4ab6958f1

Download Submit
memory/1652-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1652-2080-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1652-8321-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads