5e61f88afd6f3bf23517ad5f0d6d4ef510cca53fb3a20da71cd953717002cd84

Analysis

max time kernel
4s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2b27d1659a987aaf38755b243ed974d2.exe
Size

1.8MB
MD5

2b27d1659a987aaf38755b243ed974d2
SHA1

32046b17e8a853c15b93cfc3fb07ef35e597ba0d
SHA256

5e61f88afd6f3bf23517ad5f0d6d4ef510cca53fb3a20da71cd953717002cd84
SHA512

7a2ee201571a7de9e93882e05444865c4ca5938f80271965a55fe3cb18d324b8be3dd22d21b0408a23e9a85266d3f1fbb3c4a3f8cf92038d618a76383afd6360
SSDEEP

24576:S6pQPxQ2JyP2r5mJV91xM7RpbwgIvs7NxqUkHN:SCqm2Jpr0nNM7Dus7Nx2t

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4608-0-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/files/0x00020000000228cc-5.dat	upx
behavioral2/memory/4608-5729-0x0000000000400000-0x00000000005BA000-memory.dmp	upx
behavioral2/memory/4608-13443-0x0000000000400000-0x00000000005BA000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\msdasqlr.dll.mui.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqlxmlx.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-stdio-l1-1-0.dll.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\1033\VSTOInstallerUI.dll	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\vstoee90.tlb	Process not Found
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\ps.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msaddsr.dll.mui.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvSubsystemController.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\sqloledb.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVIsvStreamingManager.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\fr-FR\sqloledb.rll.mui.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\AssertSplit.mp2.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdatl3.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-file-l2-1-0.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\InputPersonalization.exe.mui	Process not Found
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2R64.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\es-ES\InkObj.dll.mui.exe	Process not Found
File created	C:\Program Files\7-Zip\Lang\mng2.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TabTip.exe.mui.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\i640.cab.cat	Process not Found
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ar-sa.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\msdasqlr.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\ast.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-processthreads-l1-1-1.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\ServiceWatcherSchedule.xml	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\uz.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\eu.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.hr-hr.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sr-latn-rs.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-core-localization-l1-2-0.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\fr-FR\msinfo32.exe.mui.exe	Process not Found
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\msadc\msadco.dll	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sl-si.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.it-it.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-GB\tipresx.dll.mui	Process not Found
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.th-th.dll	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-heap-l1-1-0.dll	Process not Found
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-private-l1-1-0.dll.exe	Process not Found
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.ms-my.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.exe	Process not Found
File opened for modification	C:\Program Files\Common Files\DESIGNER\MSADDNDR.OLB	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\msvcp120.dll.exe	Process not Found
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\msdasqlr.dll.mui	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\zh-tw.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\tr.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	2b27d1659a987aaf38755b243ed974d2.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\microsoft shared\MSInfo\en-US\msinfo32.exe.mui	Process not Found
File created	C:\Program Files\7-Zip\7z.exe.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\Common Files\System\ado\msador28.tlb	2b27d1659a987aaf38755b243ed974d2.exe
File created	C:\Program Files\7-Zip\Lang\ku-ckb.txt.exe	2b27d1659a987aaf38755b243ed974d2.exe

C:\Users\Admin\AppData\Local\Temp\2b27d1659a987aaf38755b243ed974d2.exe
"C:\Users\Admin\AppData\Local\Temp\2b27d1659a987aaf38755b243ed974d2.exe"
1⤵
- Drops file in Program Files directory
PID:4608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4608-0-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4608-5729-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download
memory/4608-13443-0x0000000000400000-0x00000000005BA000-memory.dmp

Filesize
1.7MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads