3cf7a6d989e473962a6563195cd6a6f692828b8f5c28276d9950dec3b1c1c23c

Analysis

max time kernel
141s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

170f46e18a505cd3388c115d01592881.exe
Size

1.8MB
MD5

170f46e18a505cd3388c115d01592881
SHA1

756cb3e9928fead25878a1d0bdbbc58396219ceb
SHA256

3cf7a6d989e473962a6563195cd6a6f692828b8f5c28276d9950dec3b1c1c23c
SHA512

ecd92de259d72619f69df5677149939793549e159247c6b6a69d47eff12e368e3ded7d363c1c53b3ae502e7adb7f8c9dd6a9cf60c8574b8acffd2609b2118046
SSDEEP

24576:N6pQPxQ2JyP2r5mJV91xM7RpbwgIvQ7Nxqu7:NCqm2Jpr0nNM7DuQ7NxB

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0034000000015c63-5.dat	upx
behavioral1/memory/2360-0-0x0000000000400000-0x00000000005BB000-memory.dmp	upx
behavioral1/memory/2360-625-0x0000000000400000-0x00000000005BB000-memory.dmp	upx
behavioral1/memory/2360-9192-0x0000000000400000-0x00000000005BB000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	170f46e18a505cd3388c115d01592881.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre7\Welcome.html	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\PrivateBrowsing_70.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\VideoLAN\VLC\lua\modules\sandbox.luac.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\delete_over.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\OrangeCircles.jpg	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Winamac.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Novokuznetsk.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.httpcomponents.httpclient_4.2.6.v201311072007.jar	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\drag.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\gadget.xml	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Journal\ja-JP\MSPVWCTL.DLL.mui.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\sd\icecast.luac	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsoundds.dll	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.databinding.observable_1.4.1.v20140210-1835.jar	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-heapdump.jar.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Photo Viewer\it-IT\PhotoViewer.dll.mui	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\prev_hov.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipRes.dll.mui.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerActions.exsd	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Guyana	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\en-US\Mahjong.exe.mui	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Media Player\de-DE\mpvis.dll.mui	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_thunderstorm.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-TW\tipresx.dll.mui.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Africa\Khartoum	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Pacific\Apia	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\META-INF\ECLIPSE_.RSA.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.xml	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPCEXT.DLL.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Media Player\it-IT\wmpnscfg.exe.mui.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\js\settings.js.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\gadget.xml	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Journal\es-ES\Journal.exe.mui	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\msdasqlr.dll.mui	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jre7\lib\plugin.jar.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Paramaribo.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Honolulu	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\as_IN\LC_MESSAGES\vlc.mo	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libsdl_image_plugin.dll.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\drag.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\license.html	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\toc.xml	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.ui.sdk.scheduler_1.2.0.v20140422-1847.jar.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-jvm_zh_CN.jar	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Mozilla Firefox\AccessibleHandler.dll	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\micaut.dll.mui	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\vulkan-1.dll	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Internet Explorer\en-US\F12.dll.mui.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\41.png	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\btn_close_down_BIDI.png.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Memo.emf	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\JMC.profile\1423861240811.profile.gz.exe	170f46e18a505cd3388c115d01592881.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\etc\visualvm.conf.exe	170f46e18a505cd3388c115d01592881.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\ext\locale\updater_zh_CN.jar	170f46e18a505cd3388c115d01592881.exe

C:\Users\Admin\AppData\Local\Temp\170f46e18a505cd3388c115d01592881.exe
"C:\Users\Admin\AppData\Local\Temp\170f46e18a505cd3388c115d01592881.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
49db0a0b7ef1d05fbf781767d6968473

SHA1
3c8edfb0d287d13a5cdab40f6a246b860b47fbc9

SHA256
4e0e381c061c79efe531ee02633f5b583fb90245e4a804b95e8f18eff122a6a6

SHA512
82bfa77a5323257b5959bc4e021524919feb3a66103b5b3b19a0f851d8fef3dd387b9a92ebc6faaafb5db1b688158f6d01555f2b1349813944c91905c23a15e3

Download Submit
memory/2360-0-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2360-625-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download
memory/2360-9192-0x0000000000400000-0x00000000005BB000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads