4c15a6c5e8b0bd0f962f768da0ceafcba07d82c9a6a40504e3f2339f2a09358c

Analysis

max time kernel
139s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

188d49782e59517d1b53f62103a70d77.exe
Size

1.8MB
MD5

188d49782e59517d1b53f62103a70d77
SHA1

ba209fdad66cf146f571bc62e449442d6b724c0f
SHA256

4c15a6c5e8b0bd0f962f768da0ceafcba07d82c9a6a40504e3f2339f2a09358c
SHA512

5c6e0c5b078b187a7f0dcc074bf1679cf800875b7a10700c1cb158fda8bedeb4f1543b9ce659a8a96ddb0df2961336bc698e8609a306b17aceb98915d7fbfa4d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqP:SCqm2Jpr0nNM7Dus7NxS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2116-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002e00000001868f-5.dat	upx
behavioral1/memory/2116-624-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	188d49782e59517d1b53f62103a70d77.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Indiana\Tell_City.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Resolute	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\7-Zip\7z.exe.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jfxwebkit.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\plugin.jar.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwritalm.dat.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyclient.jar	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\JdbcOdbc.dll	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\msadc\adcjavas.inc	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Sakhalin	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\ShapeCollector.exe.mui	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrespsh.dat	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.rll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\el.pak	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_it.properties.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\feature.properties	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\de-DE\msinfo32.exe.mui	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\META-INF\eclipse.inf.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\fi.pak.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgePackages.h	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\mshwLatin.dll.mui	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\derby_common.bat.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Lisbon.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\license.html	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\Welcome.html	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrcommonlm.dat.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\launcher.exe.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Prague	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\verify.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\accessibility.properties.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwgst.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\jvm.lib	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\da.pak	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\COPYRIGHT.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages_es.properties	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Atlantic\Madeira.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\license.html.exe	188d49782e59517d1b53f62103a70d77.exe

C:\Users\Admin\AppData\Local\Temp\188d49782e59517d1b53f62103a70d77.exe
"C:\Users\Admin\AppData\Local\Temp\188d49782e59517d1b53f62103a70d77.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2116

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
e10765c5bfc9aedfd29e9f4bce88ddf3

SHA1
b845d1c59c2846c3f43641f94669d51cdddd9226

SHA256
114a72d774a64fbf3eaf21819163a59f396b63301ed92bacf164aecdbc2a19a6

SHA512
c5aa3d791e761b706f12f105f4befb562c58b0048413485b7d56a4587226aa27e8975f40d4fcc93708a0d07ac78e0089bc5a32ba4452f10d41f741931003b7d6

Download Submit
memory/2116-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2116-624-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads