36e7016564f7594cee6d56b8829b3d02fda68fcfd8e87b9acfcff9c132ab8ba8

Analysis

max time kernel
118s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 12:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

18ca8accc8aca9177f0e707565babbaf.exe
Size

1.8MB
MD5

18ca8accc8aca9177f0e707565babbaf
SHA1

0fddd9a28d44a9002883b3fa58687639b39764a2
SHA256

36e7016564f7594cee6d56b8829b3d02fda68fcfd8e87b9acfcff9c132ab8ba8
SHA512

805278d911f205907397b0c53fd77e09cb078f635993f28480fc6dd0172d426ca072bdc5a547a7bd392b52f308c5bde62231e2719c67652d26f12b525cc58c9f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqO:SCqm2Jpr0nNM7Dus7Nxn

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1344-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0007000000015c04-5.dat	upx
behavioral1/memory/1344-731-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	18ca8accc8aca9177f0e707565babbaf.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\TipTsf.dll.mui	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\ExportUndo.mp3	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\3RDPARTY	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\java.dll.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\IpsMigrationPlugin.dll.mui	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\jaccess.jar.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\java.security	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\IpsMigrationPlugin.dll.mui	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jabswitch.exe.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Microsoft.Ink.dll.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ro.pak	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\LICENSE	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\javaws.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwrdeush.dat.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\glass.dll.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\ext\meta-index.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\lt.pak.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\npjp2.dll.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Internet Explorer\networkinspection.dll	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqlxmlx.rll.mui.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCalls.c.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jar.exe.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Connectivity.gif.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\VC\msdia90.dll	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\tipresx.dll.mui.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\System\ado\adojavas.inc.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\orbd.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\psfont.properties.ja.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\win32\bridge\AccessBridgeCallbacks.h.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.exe	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\imjplm.dll	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\apt.exe.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\jawt.h	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\gstreamer-lite.dll.exe	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cayenne	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\tipresx.dll.mui	18ca8accc8aca9177f0e707565babbaf.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\DVD Maker\fr-FR\WMM2CLIP.dll.mui	18ca8accc8aca9177f0e707565babbaf.exe
File created	C:\Program Files\7-Zip\Lang\be.txt.exe	18ca8accc8aca9177f0e707565babbaf.exe

C:\Users\Admin\AppData\Local\Temp\18ca8accc8aca9177f0e707565babbaf.exe
"C:\Users\Admin\AppData\Local\Temp\18ca8accc8aca9177f0e707565babbaf.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:1344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
351KB

MD5
02db8ac5c29bd67698b8546c92145f59

SHA1
033149eb5087aa9f537262550155975ff1ab8032

SHA256
856f315c183ad2ee3a7a780618dda9bf3a91579e06a6c56ab12f1ae930e199a5

SHA512
941ca70bafcc439c40453d3a2ba2934587db6ce68fcc85a7dbe073252c706e221fc3aa313a709f47b98d49c64bc0d747a3a38bb4f2d37de418d53eed3556fe55

Download Submit
memory/1344-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1344-731-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads