7d26a778ea828c983c5aea641b481c779aaef0292cfe4339929fbdb310ceed4a

Analysis

max time kernel
150s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 21:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
Size

1.8MB
MD5

1cd2f5ee0f71f605ab9a9b0bd6c89458
SHA1

674583159ec527d796039f1095e03aa63a071f8d
SHA256

7d26a778ea828c983c5aea641b481c779aaef0292cfe4339929fbdb310ceed4a
SHA512

95a4643602d51eaf8318b63401227e8d49363c5e72b759d3c79bc20a58b41fdffa50385669b9932d5f3f5145c076f92283447b296296a70345c15f88bb4cf5b9
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqu:SCqm2Jpr0nNM7Dus7Nxz

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2992-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0032000000016d23-5.dat	upx
behavioral1/memory/2992-651-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Urumqi.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.webapp.nl_ja_4.4.0.v20140623020002.jar	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-annotations-common.xml	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\TipTsf.dll.mui.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Maldives	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher_1.3.0.v20140415-2008.jar.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\7-Zip\Lang\fur.txt.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledbjvs.inc	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\deploy\messages.properties.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Creston	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\de-DE\MSTTSLoc.dll.mui	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Chagos.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\mshwLatin.dll.mui	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mshwLatin.dll.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\html\cpyr.htm	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Aqtobe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jp2launcher.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\San_Juan.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Qyzylorda	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Indian\Mahe.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\ZoneInfoMappings	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fr-FR\InkObj.dll.mui.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\hwresplm.dat.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ja-JP\IPSEventLogMsg.dll.mui	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.net_1.2.200.v20120807-0927.jar	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.css.swt.theme.nl_zh_4.4.0.v20140623020002.jar	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.osgi.services.nl_ja_4.4.0.v20140623020002.jar.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\images\winClassicTSFrame.png.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcfr.dll.mui	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\NOTICE.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Nassau	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Omsk.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\license.html.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.preferences_3.5.200.v20140224-1527.jar	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\InkWatson.exe.mui.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\symbols\ja-jp-sym.xml.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\java.exe.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyrun.jar	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\include\win32\jawt_md.h	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\jfxrt.jar.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\snmp.acl.template.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.apache.batik.css_1.7.0.v201011041433.jar.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsnor.xml.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\te.pak	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_200_percent.pak	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jsound.dll.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Hebron.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\css\e4-dark.css.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.workbench_3.106.1.v20140827-1737.jar.exe	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-api-visual.xml	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	1cd2f5ee0f71f605ab9a9b0bd6c89458.exe

C:\Users\Admin\AppData\Local\Temp\1cd2f5ee0f71f605ab9a9b0bd6c89458.exe
"C:\Users\Admin\AppData\Local\Temp\1cd2f5ee0f71f605ab9a9b0bd6c89458.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
2cf4ac0a0bccfb1f15bb12de320cb3ff

SHA1
faf2575d449556ac041877b0e6f3d2de56c31df5

SHA256
822e709831b607aaa6a963d063b9d53fad3ad216aca742ffbee0a8dcf40a7ae3

SHA512
468151b79dedfd6b1a275f261c4f1c88700dc845e8568fe66d3d237e205344b4bd020812d5677e83b7c5d38281024179cc77a2c40346e4db1701df100ded1865

Download Submit
memory/2992-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2992-651-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads