148366d59066486584aac1d0665793a3c36ab0bce0bcef57a413602a82f5d8bf

Analysis

max time kernel
163s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22733ba081383d8d8509b3ff5b0ce796.exe
Size

1.8MB
MD5

22733ba081383d8d8509b3ff5b0ce796
SHA1

b21ce60c3ced5837b6c798a05948234c7ed61c69
SHA256

148366d59066486584aac1d0665793a3c36ab0bce0bcef57a413602a82f5d8bf
SHA512

b015b800de2e5893aea3eb333a7cc2092b5e8c2bea1a20b26c90cbb18aef005b8f5281f479a64409b429b44854fb6a62b894197236df1c01f57aa564884f5d7d
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHk:SCqm2Jpr0nNM7Dus7Nx2E

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2784-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x0002000000022910-5.dat	upx
behavioral2/memory/2784-167-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaprsr.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\ado\msadomd.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msadcer.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaremr.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\msadds.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-environment-l1-1-0.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\ado\en-US\msader15.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.he-il.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\fr-FR\wab32res.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.fi-fi.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaprsr.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcr120.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msdaprsr.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVFileSystemMetadata.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvVirtualization.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.el-gr.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\wab32res.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ar-SA\tipresx.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\7-Zip\Lang\az.txt.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\vcruntime140.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\InkDiv.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\7-Zip\Lang\ta.txt.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.vi-vn.dll.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\7-Zip\Lang\tg.txt.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\en-US\wab32res.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\oledb32r.dll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\IpsMigrationPlugin.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\7-Zip\Lang\ug.txt.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msadcor.dll.mui.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui	22733ba081383d8d8509b3ff5b0ce796.exe
File created	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee100.tlb.exe	22733ba081383d8d8509b3ff5b0ce796.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	22733ba081383d8d8509b3ff5b0ce796.exe

C:\Users\Admin\AppData\Local\Temp\22733ba081383d8d8509b3ff5b0ce796.exe
"C:\Users\Admin\AppData\Local\Temp\22733ba081383d8d8509b3ff5b0ce796.exe"
1⤵
- Drops file in Program Files directory
PID:2784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1.8MB

MD5
5ecd921c8ccc4a8c0880baff6bc0d6e7

SHA1
7e598a347d602e4fe67dd973676af08f48eee67d

SHA256
e2f50439a41cbff5458d42dd3b4ca0c3a7185a77d3247e94c5bf1ee443942a13

SHA512
d44063d95c7f7b40776370a2070435b87c3bb271f3e4beb28d1a12441199f1d6a8df8483ddd69fa3264aadd9bfb06a2a5254a12ce87a0f22bf4cfa07547896b9

Download Submit
memory/2784-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2784-167-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads