Analysis
max time kernel: 153s
max time network: 167s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 14:27
Behavioral task behavioral1
Sample: 1b68f0b7acb9cf018246036c5e8a4754.exe
Resource: win7-20231215-en
Behavioral task behavioral2
Sample: 1b68f0b7acb9cf018246036c5e8a4754.exe
Resource: win10v2004-20231215-en
General
Target: 1b68f0b7acb9cf018246036c5e8a4754.exe
Size: 2.8MB
MD5: 1b68f0b7acb9cf018246036c5e8a4754
SHA1: b5f2dd0be9547c24a8071594736a3c20d91512d5
SHA256: 032541fc65304ee760389192864cc2e4cb7fc4a560a2bffd0654c3b1ef40f913
SHA512: 6941c95985363bb59aa4237b6c9b5fc0bd77f599999f8408f12f667bff3352409adc1de5a857719f310c7cacb293127960c49d5d2d0b90aa3ca16f0325429ed7
SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91i:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nO
Malware Config
Signatures
resource / yara_rule
behavioral2/memory/4892-0-0x0000000000400000-0x00000000005BA000-memory.dmp: upx
behavioral2/files/0x0002000000022791-5.dat: upx
behavioral2/memory/4892-36-0x0000000000400000-0x00000000005BA000-memory.dmp: upx
Drops file in Program Files directory (64 IoCs; File created / File opened for modification entries under C:\Program Files by 1b68f0b7acb9cf018246036c5e8a4754.exe)
Processes
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.8MB
MD5: abebc561505ae9431661fc5b55254bea
SHA1: c9eb4ed2bf63e5cffa41237c4cf2423e9f189360
SHA256: 81f565eb85cd536649f504339cf3b6428dbe7633c84e7bf555be10fcc1450cbb
SHA512: 2661db08e6e845223d66a030bc22daae0dfb350e5314b70e8f2005490e57547521d2734c3237c2183e1aa294e49130bb2a2c6b02cd1ac9dce53608b2954197b5