3c213ccadea54c939abc9a184ee4202ae59ffc20d5433979a2baaf3f91425b6e

Analysis

max time kernel
132s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ac3a34cae67952efc7b66395b6ad933.exe
Size

1.8MB
MD5

2ac3a34cae67952efc7b66395b6ad933
SHA1

3b3d963361686235a00ee6da3c4f28be151588c0
SHA256

3c213ccadea54c939abc9a184ee4202ae59ffc20d5433979a2baaf3f91425b6e
SHA512

f71cf60f6346633ed17796d05193707ed60355b9c8afd73d10a9bc0aa6911c8d507a8646e9d19c8807e8732ef597f3a0195d5e50f8858805f44b4d4f7f376f4f
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHa:SCqm2Jpr0nNM7Dus7Nx26

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2224-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral1/files/0x0020000000014fc0-5.dat	upx
behavioral1/memory/2224-612-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops desktop.ini file(s) 8 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Games\Purble Place\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\Solitaire\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\SpiderSolitaire\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\Chess\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\Hearts\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\Mahjong\desktop.ini	2ac3a34cae67952efc7b66395b6ad933.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Center.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudiobargraph_a_plugin.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Windows Journal\de-DE\PDIALOG.exe.mui	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\kn.pak	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_hu.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20141007-2033\META-INF\MANIFEST.MF.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Funafuti.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Windows Journal\fr-FR\jnwmon.dll.mui	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\jre\lib\fonts\LucidaTypewriterBold.ttf	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\com.jrockit.mc.rjmx.syntheticnotification.exsd	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-core.xml.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Mozilla Firefox\updater.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\UTC.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Microsoft Games\Hearts\ja-JP\Hearts.exe.mui	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\keypad\keypadbase.xml	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\date-span-16.png.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-ui_ja.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jre7\bin\jsoundds.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Denver.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_mpjpeg_plugin.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Mozilla Firefox\osclientcerts.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\PresentationBuildTasks.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\visualization\libgoom_plugin.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\setNetworkServerCP	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Pacific\Tongatapu	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\VideoLAN\VLC\axvlc.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\Filters\odffilt.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\SmallLogoBeta.png	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Europe\Riga.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.alert_5.5.0.165303.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-modules-javahelp_zh_CN.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Common Files\System\msadc\ja-JP\msadcer.dll.mui	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core_zh_CN.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\it-IT\chkrzm.exe.mui.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\db\bin\dblook	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\orb.idl	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access_output\libaccess_output_shout_plugin.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\en-US\InputPersonalization.exe.mui	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Cambridge_Bay.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Asia\Ashgabat.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.app_1.3.200.v20130910-1609.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Microsoft Games\Solitaire\SolitaireMCE.lnk.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSLoc.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-execution_zh_CN.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libdirectory_demux_plugin.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\cmm\PYCC.pf.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.ecore_2.10.1.v20140901-1043.jar.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Jujuy	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\America\Indiana\Knox	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libstl_plugin.dll.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.touchpoint.natives_1.1.100.v20140523-0116.jar.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Management.Instrumentation.Resources.dll	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Windows Defender\it-IT\MpEvMsg.dll.mui.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File opened for modification	C:\Program Files\Java\jre7\lib\charsets.jar	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Bogota.exe	2ac3a34cae67952efc7b66395b6ad933.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jhat.exe.exe	2ac3a34cae67952efc7b66395b6ad933.exe

C:\Users\Admin\AppData\Local\Temp\2ac3a34cae67952efc7b66395b6ad933.exe
"C:\Users\Admin\AppData\Local\Temp\2ac3a34cae67952efc7b66395b6ad933.exe"
1⤵
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:2224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip32.dll.exe

Filesize
1.8MB

MD5
48861063544a138c6b3a147393c3566f

SHA1
4fca39e782c98ee158a9fe34da872d9fcf09f41b

SHA256
2bbde50970996026dcce789a058cdcaaabc6c9bdf05633e04c6071827ccb8775

SHA512
35405859fb53fb1c5930f207de1025aa0a785366ed31c0e65520febf105d44e651c4f75a6d1234b00e5319a376d7ec0a859cee4d2a03588febf166ed35ec640b

Download Submit
memory/2224-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/2224-612-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads