7e52b9c39674f1025cd2d72b55b1340b0dc6be393062f39a434b4eef4b31b01b

Analysis

max time kernel
6s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 04:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

274866c2adcd15078fb6f130f10f5d55.exe
Size

2.8MB
MD5

274866c2adcd15078fb6f130f10f5d55
SHA1

87af8440c881c5764576a038614b541c7009bdb9
SHA256

7e52b9c39674f1025cd2d72b55b1340b0dc6be393062f39a434b4eef4b31b01b
SHA512

9dda19dfcc50b3f47676c5a2b0910fe1c2cfc633440aba2c1c9d3991634cee3206fc8a310c7993108f3f8725b845ee4b59f8f6fdb3db3e55e1049a506b4edde6
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHE6pQPxQ2JyP2r5mJV916:SCqm2Jpr0nNM7Dus7Nx2kCqm2Jpr0nG

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4172-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4172-3719-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4172-8702-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zFM.exe.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat.exe	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pidgenx.dll	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\VGX\VGX.dll	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\fr.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppvIsvSubsystems64.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.lt-lt.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sk-sk.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-time-l1-1-0.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\fa.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\msadc\en-US\msdaprsr.dll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqloledb.rll.mui.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\de-DE\wab32res.dll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\cy.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\msadc\msdfmap.dll	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVScripting.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\br.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\InputPersonalization.exe.mui.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\ado\msado15.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\ado\msado21.tlb	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\wab32.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\tabskb.dll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.bg-bg.dll	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\Office Setup Controller\pkeyconfig-office.xrm-ms	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\ga.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\mshwLatin.dll.mui.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hi-in.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\Ole DB\ja-JP\sqlxmlx.rll.mui.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\ado\msado20.tlb.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\msadc\it-IT\msdaremr.dll.mui.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\7-zip32.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\rtscom.dll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVPolicy.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad\keypadbase.xml.exe	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\main\base_ca.xml.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\mn.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\ShapeCollector.exe.mui.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\he.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\SubsystemController.man	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\tipresx.dll.mui	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.exe	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	274866c2adcd15078fb6f130f10f5d55.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RHeartbeatConfig.xml	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ApiClient.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.pl-pl.dll.exe	274866c2adcd15078fb6f130f10f5d55.exe

C:\Users\Admin\AppData\Local\Temp\274866c2adcd15078fb6f130f10f5d55.exe
"C:\Users\Admin\AppData\Local\Temp\274866c2adcd15078fb6f130f10f5d55.exe"
1⤵
- Drops file in Program Files directory
PID:4172

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4172-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4172-3719-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4172-8702-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads