96111da62ea9dcaad227cfda1a84aec12f166b4b7ecb113028ef1039a9bdbc24

Analysis

max time kernel
186s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21cd307a141add1cdbd88b6e9f5361c3.exe
Size

2.8MB
MD5

21cd307a141add1cdbd88b6e9f5361c3
SHA1

8f1dd80d353f495803addcbab823e602cf3e74a6
SHA256

96111da62ea9dcaad227cfda1a84aec12f166b4b7ecb113028ef1039a9bdbc24
SHA512

bc69192429c66db5cb9d49fdd4008e155c76bf5f04eb698406714f047c0804944185362e08802261caf8374ca3e07c7f86d7d52f64bfab03493bc144ebe65d38
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV91M:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nw

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1724-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022791-5.dat	upx
behavioral2/memory/1724-332-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\Lang\kk.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\sl.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\yo.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.et-ee.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\pl.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main.xml.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\7zG.exe.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\oledb32r.dll.mui.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\ado\msadrh15.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVClient.man.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipschs.xml	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-process-l1-1-0.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\symbols\ea-sym.xml	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\zh-cn.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-xstate-l2-1-0.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp140.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Uninstall.exe.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcor.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\ClearSend.ps1	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\sqloledb.rll.mui.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msadcer.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\es-ES\msinfo32.exe.mui.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\it-IT\msinfo32.exe.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\osknav.xml.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\StreamServer.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hwrenclm.dat	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\offreg.dll.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fr-FR\InkObj.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tabskb.dll.mui	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\7-Zip\7z.sfx.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\System\ado\msado28.tlb.exe	21cd307a141add1cdbd88b6e9f5361c3.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\TipRes.dll.mui.exe	21cd307a141add1cdbd88b6e9f5361c3.exe

C:\Users\Admin\AppData\Local\Temp\21cd307a141add1cdbd88b6e9f5361c3.exe
"C:\Users\Admin\AppData\Local\Temp\21cd307a141add1cdbd88b6e9f5361c3.exe"
1⤵
- Drops file in Program Files directory
PID:1724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
488KB

MD5
3d3c7befea98aaaa8bb8dc9044d87a7a

SHA1
b8ebaf8dea40c7b6953e8c2fad50cdcf6cd7bdfe

SHA256
dfcd9bf838f3d961ecdec7859a128bc7c66925f6e12fe6438f0fc29a301b56ca

SHA512
afde00cca380bb4afb35bba6335fc9027acfa04c98632a80828bd5bf6281947ffc2c0fa1f739ff7e6a31ad807ba4401477b73098399387dfe4afd9f6de38a315

Download Submit
memory/1724-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/1724-332-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads