bd7dda7a8718ea96be1f7e408ddee04089d3de04b14c293e3876f3084c9afa54

Analysis

max time kernel
196s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

278e25f523631ade719cc06585c66a61.exe
Size

1.8MB
MD5

278e25f523631ade719cc06585c66a61
SHA1

89bc6f797a1aee457c1a5afb2010bc939cb18f8e
SHA256

bd7dda7a8718ea96be1f7e408ddee04089d3de04b14c293e3876f3084c9afa54
SHA512

5f8f5abf371eeb978a2d6c3ebadde95a75482e216f21af686b85f4e7e36590b349156ebcbfd39aa5c9f5e8984c0337c885b863a07cbcfbdea56686c9f8bf209b
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7Nxqc:SCqm2Jpr0nNM7Dus7Nxt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2904-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0036000000016c22-5.dat	upx
behavioral1/memory/2904-340-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	278e25f523631ade719cc06585c66a61.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\7-Zip\7zG.exe.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\ro.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Green Bubbles.htm	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\lt.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\sw.txt.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\osppobjs-spp-plugin-manifest-signed.xrm-ms.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\offfiltx.dll	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPWMI.MOF	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\uk.txt.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pine_Lumber.jpg.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\ky.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\IPSEventLogMsg.dll.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Bears.htm.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Orange Circles.htm	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\Alphabet.xml	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Csi.dll	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\10.0\1033\VSTOLoaderUI.dll.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\th.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InkObj.dll.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Cave_Drawings.gif.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\7z.sfx.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\bg.txt.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\is.txt.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\White_Chocolate.jpg	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\sk.txt.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Pretty_Peacock.jpg	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Notebook.jpg.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Roses.htm.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\de.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Monet.jpg.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\kaa.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Graph.emf.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\SoftBlue.jpg.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipBand.dll.mui.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\mng.txt.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\it-IT\msinfo32.exe.mui.exe	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Shades of Blue.htm.exe	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	278e25f523631ade719cc06585c66a61.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	278e25f523631ade719cc06585c66a61.exe
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	278e25f523631ade719cc06585c66a61.exe

C:\Users\Admin\AppData\Local\Temp\278e25f523631ade719cc06585c66a61.exe
"C:\Users\Admin\AppData\Local\Temp\278e25f523631ade719cc06585c66a61.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
0fd47149ce0aa63dda63902a2a8a8a2a

SHA1
491b23723e67018489f843594a350e834533c757

SHA256
a6ead95cbfc26f72f153c9857a47ca21c9b9439213227bb8c72c0761f6ef0ee9

SHA512
2ba33a472c5e80b1e6ef2fc4e4be0e08f5b983c713a2f9fca327579ba4afc1153c944e1265522ea718ab618083d6e5e3e0af623c87f2dad1679033dbbf791b0f

Download Submit
memory/2904-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2904-340-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads