43880b14fd2280a8dfd75a9c11d953a104978ee1ac922446249514da9eac1b50

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23d5486e6cef1e79e1bec9a776064b11.exe
Size

1.8MB
MD5

23d5486e6cef1e79e1bec9a776064b11
SHA1

35b27a81787fedeff33a2eed2e8c93f5fa2ed140
SHA256

43880b14fd2280a8dfd75a9c11d953a104978ee1ac922446249514da9eac1b50
SHA512

bae0edcf32b0383874c58073473952406ecfa20f00450181c9c68beffd714d079cce797ea9c0bb78f8a9c4d37ab57aa137bddb70ff06fc9c2cc59c3f00324464
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHo:SCqm2Jpr0nNM7Dus7Nx2I

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3052-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228ae-5.dat	upx
behavioral2/memory/3052-4241-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/3052-13379-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\desktop.ini	23d5486e6cef1e79e1bec9a776064b11.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\185.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\PilotshubApp.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Security.Cryptography.Primitives.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_altform-unplated_contrast-black.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Outlook.scale-100.png	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\8.0.0\es\WindowsFormsIntegration.resources.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhds_plugin.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\177.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileMediumSquare.scale-100.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubSplashWideTile.scale-200_contrast-black.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\LightGray.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365HomePremR_Subscription4-pl.xrm-ms.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\Personal2019R_Retail-ppd.xrm-ms.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\PersonalPipcR_OEM_Perp-ul-phn.xrm-ms.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Assets\Lighting\Light\Paint3D.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\MedTile.scale-200.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\EmptyCalendarSearch.scale-125.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProDemoR_BypassTrial180-ul-oob.xrm-ms.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.6.73.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\Square71x71Logo.scale-125.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-125.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-72_altform-lightunplated.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\VideoLAN\VLC\locale\gd\LC_MESSAGES\vlc.mo.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.22681.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-200_contrast-black.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Java\jre-1.8\bin\deploy.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectPro2019XC2RVL_MAKC2R-ul-phn.xrm-ms	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\BadgeLogo.scale-200_contrast-white.png	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\control\libwin_msg_plugin.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-24_contrast-black.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\AlarmsAppList.contrast-black_targetsize-20.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Work\contrast-white\LargeTile.scale-100.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\es\UIAutomationProvider.resources.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_wer.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\ProjectProR_Trial-ppd.xrm-ms.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000027\assets\Icons\Checkmark.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNoteWideTile.scale-200.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteSectionGroupMedTile.scale-400.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxCalendarLargeTile.scale-200.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Licenses16\O365SmallBusPremR_SubTrial2-ul-oob.xrm-ms.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\LargeTile.scale-125.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-150_contrast-white.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\en-us\hxcommintl.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStdR_Retail-ul-phn.xrm-ms	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\Home\contrast-black\SmallTile.scale-100.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.Emit.ILGeneration.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailBadge.scale-150.png.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\tr\WindowsBase.resources.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\CalculatorStoreLogo.contrast-white_scale-100.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.1907.3152.0_x64__8wekyb3d8bbwe\Assets\InsiderHubAppList.targetsize-16_contrast-white.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-60_altform-unplated_contrast-black.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebSockets.Client.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\HomeBusiness2019R_Trial-pl.xrm-ms	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Logos\Square71x71\PaintSmallTile.scale-150.png	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Client.Core.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\Office16\PROOF\MSHY7ES.DLL.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO40UIRES.DLL	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\TextIntelligence.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Analysis Services\AS OLEDB\140\Cartridges\orcl7.xsl.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\Windows Media Player\Media Renderer\RenderingControl.xml	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\sr-Latn-RS\View3d\3DViewerProductDescription-universal.xml.exe	23d5486e6cef1e79e1bec9a776064b11.exe
File created	C:\Program Files\WindowsPowerShell\Modules\PackageManagement\1.0.0.1\ja\Microsoft.PowerShell.PackageManagement.resources.dll.exe	23d5486e6cef1e79e1bec9a776064b11.exe

C:\Users\Admin\AppData\Local\Temp\23d5486e6cef1e79e1bec9a776064b11.exe
"C:\Users\Admin\AppData\Local\Temp\23d5486e6cef1e79e1bec9a776064b11.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll

Filesize
1024KB

MD5
6f3c31a880db3e9e35945c17aaae34d8

SHA1
cf09444cc59521ad1cca8632581dcad9977d96a8

SHA256
1cbdb1a76150f6b3bd910bd6e17a5dbd40ef31427d64e87231b5e4ea73dffafb

SHA512
db07930d9ff7688e01ec30b3849c24d60245b8fe68f6b40d7fa9d2629a72e86fe4d862c28a5840815af6373cdc1fbacc7202e62a91aa35da73582b324aca6e4d

Download Submit
memory/3052-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3052-4241-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/3052-13379-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads