e9da913f770a30e249bbc76b7ac8058e56589771ffe0d81ac79f89f6f2e2512c

Analysis

max time kernel
112s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16f0fe958baa3dc5329e738f7afaf95c.exe
Size

1.8MB
MD5

16f0fe958baa3dc5329e738f7afaf95c
SHA1

22913baef0a5980e4cd218c3501ec4a06edcaed9
SHA256

e9da913f770a30e249bbc76b7ac8058e56589771ffe0d81ac79f89f6f2e2512c
SHA512

1e139706c4456c25a3e9f83e2c7daab9142051a964f66d45e2b351d5f4f8f85c7ebc0462e6d045b233c23d04253a85b3460e12481da8dc4d85511d01a4fbcdef
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqh:SCqm2Jpr0nNM7Dus7Nxo

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4156-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000227ab-5.dat	upx
behavioral2/memory/4156-938-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InputPersonalization.exe.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\zh-dayi.xml	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\plugin2\vcruntime140_1.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Internet Explorer\en-US\hmmapi.dll.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\policytool.exe.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\javafx\jpeg_fx.md	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ko-kr.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ja-jp-sym.xml	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\Welcome.html	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\7-Zip\Lang\sq.txt.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\ShapeCollector.exe.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-crt-heap-l1-1-0.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Internet Explorer\ja-JP\ieinstal.exe.mui	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\bci.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_heb.xml.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols.xml.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\th.pak.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\TabTip.exe.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\widevinecdm.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java_crw_demo.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrcommonlm.dat	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\mojo_core.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jdwp.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\lcms.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\CheckpointCompare.wmx.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l1-2-0.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\TabTip.exe.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\tr-TR\tipresx.dll.mui	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\gstreamer-lite.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jaas_nt.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jfxmedia.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\msvcp140_2.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems32.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-profile-l1-1-0.dll	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVOrchestration.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\th-TH\tipresx.dll.mui	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Java\jdk-1.8\bin\rmid.exe.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\tabskb.dll.mui.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\uk.pak	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	16f0fe958baa3dc5329e738f7afaf95c.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.exe	16f0fe958baa3dc5329e738f7afaf95c.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.zh-cn.dll	16f0fe958baa3dc5329e738f7afaf95c.exe

C:\Users\Admin\AppData\Local\Temp\16f0fe958baa3dc5329e738f7afaf95c.exe
"C:\Users\Admin\AppData\Local\Temp\16f0fe958baa3dc5329e738f7afaf95c.exe"
1⤵
- Drops file in Program Files directory
PID:4156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4156-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4156-938-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads