ce002689098b02f94ef10bdc78379963e01dd9535d55ba41e25117a78df96e24

Analysis

max time kernel
130s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24521b80c629898555bf9efdd7f76233.exe
Size

1.8MB
MD5

24521b80c629898555bf9efdd7f76233
SHA1

f0a58b53f8c77e68ca78f210a181cdaf42c39b68
SHA256

ce002689098b02f94ef10bdc78379963e01dd9535d55ba41e25117a78df96e24
SHA512

4be0d5df6d0289dd87590679f54f6889180f080e6deb5e52b6b8c6c4978472fa7a6b354bf0c46dff4bec69fc44222f48ba12b76085fd0029550627a3b124fe04
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHN:SCqm2Jpr0nNM7Dus7Nx2t

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2968-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x002700000001529f-5.dat	upx
behavioral1/memory/2968-662-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/memory/2968-9179-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 9 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	24521b80c629898555bf9efdd7f76233.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\jmxremote.access	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\META-INF\ECLIPSE_.SF	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.jdp.ja_5.5.0.165303.jar	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Jamaica.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\it\Microsoft.Build.Utilities.v3.5.resources.dll.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Mail\es-ES\msoeres.dll.mui	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\images\calendar_single_bkg.png.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msdaremr.dll.mui	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-api-search_ja.jar.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jre7\lib\fonts\LucidaBrightDemiItalic.ttf.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\ja-JP\js\library.js.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_black_moon-waxing-gibbous.png	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\ea.xml.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\bin\jdwp.dll	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Amman	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\VideoLAN\VLC\lua\playlist\anevia_streams.luac.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libdav1d_plugin.dll.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\javaws.jar	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\images\add_over.png.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_file_plugin.dll	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Stucco.gif	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Internet Explorer\en-US\jsprofilerui.dll.mui.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-keyring-impl_zh_CN.jar.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\config\Modules\org-openide-util-enumerations.xml_hidden	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Manila.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jre7\lib\zi\Europe\Istanbul.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\System.ServiceModel.Resources.dll	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\css\weather.css.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\undocked_blue_windy.png	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\system_h.png	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Zurich.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\ja\System.Data.Linq.Resources.dll	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\az\LC_MESSAGES\vlc.mo	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\VideoLAN\VLC\locale\mr\LC_MESSAGES\vlc.mo.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\clock.js.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkClientCP.bat	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\schemagen.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Goose_Bay.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-api-annotations-common.xml	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jre7\lib\zi\Atlantic\South_Georgia.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Etc\GMT+2	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\manifest.json	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Australia\Melbourne.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Microsoft Games\Multiplayer\Checkers\en-US\chkrzm.exe.mui	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\logo.png	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\config\Modules\org-netbeans-modules-profiler-api.xml	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Asia\Novosibirsk	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\de\LC_MESSAGES\vlc.mo	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libsftp_plugin.dll	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Windows Sidebar\sbdrop.dll.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.exe	24521b80c629898555bf9efdd7f76233.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\de-DE\Hearts.exe.mui	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\VERSION.txt.exe	24521b80c629898555bf9efdd7f76233.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\update_tracking\com-sun-tools-visualvm-application.xml.exe	24521b80c629898555bf9efdd7f76233.exe

C:\Users\Admin\AppData\Local\Temp\24521b80c629898555bf9efdd7f76233.exe
"C:\Users\Admin\AppData\Local\Temp\24521b80c629898555bf9efdd7f76233.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2968

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
7adda565a8cec7043cbee600ed68c8ca

SHA1
db7b13c4283e109fb3e0160b9e61e20b904666b2

SHA256
5654dc89ec92215829e07e03b999edb144728702f40c424b8b9b8975e54b61df

SHA512
f3ed843cfac543256b143ac5e811d04ca6a80dfc1432700527152fefe1f7c30cf0b91d307e031d55c9430c797ce07d11a6b774943fa20d44cb8aad9a2efde784

Download Submit
memory/2968-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2968-662-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2968-9179-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads