4c15a6c5e8b0bd0f962f768da0ceafcba07d82c9a6a40504e3f2339f2a09358c

Analysis

max time kernel
148s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

188d49782e59517d1b53f62103a70d77.exe
Size

1.8MB
MD5

188d49782e59517d1b53f62103a70d77
SHA1

ba209fdad66cf146f571bc62e449442d6b724c0f
SHA256

4c15a6c5e8b0bd0f962f768da0ceafcba07d82c9a6a40504e3f2339f2a09358c
SHA512

5c6e0c5b078b187a7f0dcc074bf1679cf800875b7a10700c1cb158fda8bedeb4f1543b9ce659a8a96ddb0df2961336bc698e8609a306b17aceb98915d7fbfa4d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqP:SCqm2Jpr0nNM7Dus7NxS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2460-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2460-5909-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2460-13397-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\desktop.ini	188d49782e59517d1b53f62103a70d77.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Advanced-Light.scale-150.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\STRTEDGE\PREVIEW.GIF.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Net.Sockets.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalSplashScreen.scale-200_contrast-black.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\SuggestionsService\PushpinLight.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusinessR_OEM_Perp4-pl.xrm-ms	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\osmuxmui.msi.16.en-us.vreg.dat	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\Icons\icon_play_prs.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-64.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-time-l1-1-0.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-32.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Java\jdk-1.8\jre\lib\currency.data.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Threading.Tasks.Extensions.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-36_altform-lightunplated.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Video_Msg_Record.m4a	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-60.png	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\dt_socket.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\OneNoteLogoSmall.contrast-black_scale-80.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-48_contrast-white.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosLogoExtensions.targetsize-16.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\avformat-58_ms.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AlarmsStoreLogo.contrast-white_scale-100.png	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ro\msipc.dll.mui	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vreg\proof.fr-fr.msi.16.fr-fr.vreg.dat	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\FlagToastQuickAction.scale-80.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\legal\jdk\pkcs11wrapper.md	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdO365R_Subscription-ppd.xrm-ms.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\contrast-black\PeopleAppList.scale-125.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome.exe.sig.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-100.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageAppList.targetsize-20_contrast-black.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-16.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\EmptyShare.scale-150.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.targetsize-256_altform-unplated_devicefamily-colorfulunplated.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\MapsAppList.targetsize-40_altform-lightunplated.png.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\FileExtension.targetsize-48.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageLargeTile.scale-200.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNotePageSmallTile.scale-200.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\iacom2im.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\ja-JP\wab32res.dll.mui	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\classlist	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-96_contrast-white.png.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\it\WindowsFormsIntegration.resources.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\Bibliography\Style\ISO690Nmerical.XSL.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\AppList.targetsize-36.png.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\PresentationFramework.Classic.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.scale-200.png	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\deploy\splash.gif	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\VisioProCO365R_Subscription-ul-oob.xrm-ms.exe	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msix.dll	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageLargeTile.scale-125_contrast-black.png	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Common Files\System\Ole DB\msxactps.dll	188d49782e59517d1b53f62103a70d77.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\Assets\Audio\Skype_Call_Reconnected_Loud.m4a	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\Microsoft Office\root\Office16\WebView2Loader.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\DecoderAppService.dll.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTile.xml.exe	188d49782e59517d1b53f62103a70d77.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\Dismiss.scale-64.png	188d49782e59517d1b53f62103a70d77.exe

C:\Users\Admin\AppData\Local\Temp\188d49782e59517d1b53f62103a70d77.exe
"C:\Users\Admin\AppData\Local\Temp\188d49782e59517d1b53f62103a70d77.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2460-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2460-5909-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2460-13397-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads