426dcd61c98c335e98fa3c3956f0d903d6c3909c7114656dc3e3f4a1ab99e836

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

227afbdb94612a85761f140cd72ea511.exe
Size

1.8MB
MD5

227afbdb94612a85761f140cd72ea511
SHA1

c562c88dd0029de424188d330140c688413edc3e
SHA256

426dcd61c98c335e98fa3c3956f0d903d6c3909c7114656dc3e3f4a1ab99e836
SHA512

892e5cae3cd83f98c4e68c55722ef06524966457c8b7d21563a50086723a31eae289308f64f1127894ea667f4d8d353c18a9e3a142418adc6b92acecbf04ed9c
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqlp:SCqm2Jpr0nNM7Dus7NxS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2636-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00010000000228ac-5.dat	upx
behavioral2/memory/2636-6611-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/2636-13433-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\desktop.ini	227afbdb94612a85761f140cd72ea511.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-24.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.contrast-white_targetsize-80.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\OutlookMailLargeTile.scale-200.png	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebHeaderCollection.dll	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\VVIEWDWG.DLL	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Microsoft Office\root\vfs\System\mfc140u.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\166.png	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_OEM_Perp-ul-oob.xrm-ms	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\import_google_contacts\googleOnboardingCard.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-256_altform-fullcolor.png.exe	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Diagnostics.DiagnosticSource.dll	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\lib\ext\access-bridge-64.jar	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-40_contrast-black.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\msointl30_winrt.dll	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.TypeConverter.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsStore_11910.1002.5.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreAppList.scale-100.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderAppList.contrast-white_targetsize-24_altform-unplated.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\LogoImages\ExcelLogoSmall.contrast-black_scale-140.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\7.jpg	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteAppList.targetsize-30_altform-unplated.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-16_contrast-white.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Claims.dll	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_contrast-black.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Third Party Notices.txt.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderLogoExtensions.targetsize-32.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l2-1-0.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\legal\jdk\dynalink.md	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\gnsdk_fp.dll	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\HxAccounts.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\Microsoft.Win32.Registry.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\hr-HR\tipresx.dll.mui.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Internet Explorer\ielowutil.exe.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupWideTile.scale-400.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\SourceAppService.winmd	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Microsoft Office\root\Document Themes 16\Theme Fonts\Century Gothic.xml.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Publisher2019VL_MAK_AE-ppd.xrm-ms.exe	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdR_OEM_Perp-ul-oob.xrm-ms	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_chromecast_plugin.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\LinkedInboxBadge.scale-125.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\PresentationCore.resources.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-36_altform-lightunplated.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcor.dll.mui	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\client-issuance-root.xrm-ms	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.YourPhone_0.19051.7.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\AppTiles\LargeTile.scale-125.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherImages\423x173\7.jpg.exe	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-libraryloader-l1-1-0.dll	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\ConvertFromSkip.xht.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteSmallTile.scale-150.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteSectionGroupLargeTile.scale-200.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSplashLogo.scale-200.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\Programmer.targetsize-64_contrast-white.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Java\jdk-1.8\bin\api-ms-win-core-file-l1-2-0.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Excel.Extensions.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\20.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.GetHelp_10.1706.13331.0_x64__8wekyb3d8bbwe\clrcompression.dll.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-125_8wekyb3d8bbwe\Win10\MicrosoftSolitaireAppList.scale-125.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\StoreWideTile.scale-200.png.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\mshwgst.dll	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\Java\jre-1.8\lib\security\cacerts.exe	227afbdb94612a85761f140cd72ea511.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\JitV.dll	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\AppInstallerElevatedAppServiceClient.exe.exe	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.People_10.1902.633.0_x64__8wekyb3d8bbwe\Assets\contrast-white\PeopleAppList.targetsize-48.png	227afbdb94612a85761f140cd72ea511.exe
File created	C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\notification.send.png.exe	227afbdb94612a85761f140cd72ea511.exe

C:\Users\Admin\AppData\Local\Temp\227afbdb94612a85761f140cd72ea511.exe
"C:\Users\Admin\AppData\Local\Temp\227afbdb94612a85761f140cd72ea511.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2636

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
92KB

MD5
9b140d12ed22f2930519badf9ff7a9bc

SHA1
677be169e0a5ac0e0f2dfc23d104996bfeb47dda

SHA256
f331b17b00e34942eeafc2cfea065622dc3509efa87723ec8f845d6a8a1989ca

SHA512
fa6f1c2805033d7215efb758db91dacab8d666d106b37e91384b06412db52f84857a4b9c68fdfb62534ddab2c4e9c693d09ede0f415d03c3b6b2833cdeb3bda5

Download Submit
memory/2636-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2636-6611-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2636-13433-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads