Analysis
  max time kernel: 146s
  max time network: 127s
  platform: windows7_x64
  resource: win7-20231215-en
  resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  submitted: 31-12-2023 04:25
Behavioral task: behavioral1
  Sample: 281672cd2e6863b3231840c5c8bf0fab.exe
  Resource: win7-20231215-en (windows7-x64)
  3 signatures, 150 seconds

Behavioral task: behavioral2
  Sample: 281672cd2e6863b3231840c5c8bf0fab.exe
  Resource: win10v2004-20231215-en (windows10-2004-x64)
  2 signatures, 150 seconds
General
  Target: 281672cd2e6863b3231840c5c8bf0fab.exe
  Size: 1.8MB
  MD5: 281672cd2e6863b3231840c5c8bf0fab
  SHA1: cd7908ac10d8e0c600eb13194dd9204736e382c5
  SHA256: 73f306c086c8bcbfc2fa218a133cab1a5e435df89a770f5888cf5eeede1ff35d
  SHA512: 5c64589f1f02f04cfae376ecd7f94027bc93147f9b96fe2d1a5196693eef349d3e9451c585c69597955eeba6e842f1879ad8c7474854fe966c0c4ffa4a866e72
  SSDEEP: 24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHD:SCqm2Jpr0nNM7Dus7Nx2j
  Score: 7/10
Malware Config
Signatures
yara rule matches (resource / yara_rule):
  behavioral1/memory/2640-0-0x0000000000400000-0x00000000005BA000-memory.dmp  upx
  behavioral1/memory/2640-263-0x0000000000400000-0x00000000005BA000-memory.dmp  upx
Drops desktop.ini file(s) (1 IoC)
  description: File created
  ioc: C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini
  Process: 281672cd2e6863b3231840c5c8bf0fab.exe
Drops file in Program Files directory (64 IoCs)